making X secure?
Arto Pekkanen
isoa at kapsi.fi
Mon Aug 29 12:10:56 UTC 2016
Need good documentation on how to make X11-application run inside a jail
with a local X11 server. Afaik there's no comprehensive guide for this
setup.
Jan Bramkamp kirjoitti 29.08.2016 11:51:
> On 28/08/16 14:30, Jules Gilbert via freebsd-x11 wrote:
>> Is this possible?, can X be made secure??
>>
>> I need X for the Mozilla application family. Are those weak from a
>> security perspective?
>>
>> At the moment I'm doing other stuff and (this may be a foolish
>> thought...,) would accept a quick fix. Probably a really bad idea, I
>> know. But someone who's apparently good at this has hacked several
>> releases of FreeBSD and OpenBSD. About OpenBSD, as soon as one adds
>> (for me, necessary,) applications, it's not as advertised.
>>
>> Okay, one more time. Can X be made secure?
>
> X.org has an enormous attack surface and compromising the X11 server
> can allow you to capture all user input (including passwords). You can
> run a nested X11 server to reduce the attack surface and gain some
> defense in depth. You can also run Firefox and/or Thunderbird in a
> jail. The next step would probably be shipping audit records to a
> remote system with auditdistd. You can further lock down the jail with
> MAC modules if you like to play a few rounds of whack a mole with your
> applications.
> _______________________________________________
> freebsd-x11 at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-x11
> To unsubscribe, send any mail to "freebsd-x11-unsubscribe at freebsd.org"
--
Arto Pekkanen
More information about the freebsd-x11
mailing list