Enrico Zini <enr...@enricozini.org> writes: > ssh -X or -Y to a remote host, then run X apps.
Which requires that host allow remote logins, which creates a different sort of security issue. Also, tunneling a web browser over X is an unbelievably painful experience. > I've recently got worried about common practices I see around me, and > started considering running a "Hardening Debian Development" BOF at the > next Debian event I'm going to participate. The intention would be to > see how to address those issues, but with a strong awareness on > usability[5]. If someone would write up a good step-by-step guide for how to isolate one's web browser in a VM running on the same host, so that you can still get reasonable display performance but have a real separation boundary between the web browser and the rest of the system, I for one would be extremely grateful. The same technique would work for things like Skype. I'm sure it's possible, but I don't know enough about the various virtualization systems to be able to figure it out quickly, and I've yet to get interested enough to spend several days figuring out a method. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnwf1rwu....@windlord.stanford.edu
