Sandboxing

[Matt Piechota]

On Thu, 9 Nov 2006, Lowell Gilbert wrote:

> Seriously, though, while Erik Trulsson was correct in pointing out the
> difference between an X client and an X server (only the latter has
> direct access to memory), X clients do have fairly privileged access
> to the server, and I don't have a lot of confidence in the safety of a
> sandboxed application running in a normal X session.  It's certainly

Perhaps one would use Xvnc to eliminate issues with the client mucking 
around in the X server space?  I assume that Xvnc/vncviewer do not just 
pass the X calls to the local server though.

It seems like while jails, vnc, and sandboxes may work, the safest method 
is to run in a VM as you mentioned.

-- 
Matt Piechota