Security and Javascript

• Previous message (by thread): Security and Javascript
• Next message (by thread): German Parliament elections: The parties' positions on Free Software
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The sandbox binary on debian was patched out of the package, as "not being
ready" in some way.

See:
http://unix.stackexchange.com/questions/67127/how-do-i-install-selinuxs-sandbox-utility-on-linux-mint-debian-edition


On Wed, Jul 3, 2013 at 7:28 AM, Timo Juhani Lindfors
<timo.lindfors at iki.fi>wrote:

> simo <s at ssimo.org> writes:
> > sandbox -X runs everything into a nested X server (Xephyr here) run
> > explicitly for the application, so that the app does not have direct
> > access to the outer X server.
>
> Interesting, I'd like to try that out and evaluate its security and
> usability. I can't find "sandbox" binary in Debian, is it perhaps under
> some other name or should I build it from source?
>
> > Although there was a feature (XACE) to make the X server more secure I
> > do no think it ever worked well enough. I think the only good solution
> > will be to use wayland once it is good enough. Its model isolates each
> > process and is much better from a security pov from what I've been told
> > so far.
>
> Indeed. The only working models that I have seen are Qubes OS and just
> using xpra/vnc with virtual machine/another user.
>
> -Timo
> _______________________________________________
> Discussion mailing list
> Discussion at fsfeurope.org
> https://mail.fsfeurope.org/mailman/listinfo/discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20130703/85d25193/attachment.html>

• Previous message (by thread): Security and Javascript
• Next message (by thread): German Parliament elections: The parties' positions on Free Software
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]