Re: [arch-general] sandboxing

2017-02-06 Thread Bart De Roy via arch-general
Based on the given links and comments I could not decide on a clear course of action. If only we would have continuous builds of Chromium in the Ozone-Wayland implementation. Buying a Chromebook may not be the worst idea after all. At least this sounds promising:

Re: [arch-general] sandboxing

2017-02-05 Thread Shridhar Daithankar
On Saturday 4 February 2017 11:00:12 PM IST Leonid Isaev wrote: > > Exactly. If I am running chromium with firejail, which whitelists what > > chromium can do to the file system (even better with --private); the > > browser > > cannot tamper with .profile/.bash_profile or .ssh. > > See, this is

Re: [arch-general] sandboxing

2017-02-04 Thread Leonid Isaev
On Sun, Feb 05, 2017 at 11:08:09AM +0530, Shridhar Daithankar wrote: > ok. It confirms my understanding that X clients can listen to each other's > events and modify them. > > But in xwayland, things are a bit different. > >

Re: [arch-general] sandboxing

2017-02-04 Thread sivmu
On 05.02.2017 at 06:38, Shridhar Daithankar wrote: >> this point is about the insecurity of the X Windows System architecture, >> which basically assumes that all applications are to be trusted. There >> is no built-in security, therefore failing modern threat models completely. >> >> This

Re: [arch-general] sandboxing

2017-02-04 Thread Shridhar Daithankar
On Sunday 5 February 2017 6:10:51 AM IST sivmu wrote: > On 05.02.2017 at 05:16, Shridhar Daithankar wrote: > > On Saturday 4 February 2017 7:28:31 AM IST sivmu wrote: > >> As long as the application has access to the xwayland instance, which is > >> by default the case when xwayland is available,

Re: [arch-general] sandboxing

2017-02-04 Thread sivmu
On 05.02.2017 at 05:16, Shridhar Daithankar wrote: > On Saturday 4 February 2017 7:28:31 AM IST sivmu wrote: >> As long as the application has access to the xwayland instance, which is >> by default the case when xwayland is available, it can influence all >> other applications that still use

Re: [arch-general] sandboxing

2017-02-04 Thread Shridhar Daithankar
On Saturday 4 February 2017 7:28:31 AM IST sivmu wrote: > As long as the application has access to the xwayland instance, which is > by default the case when xwayland is available, it can influence all > other applications that still use the x-protocol. Just to understand, if there are two

Re: [arch-general] sandboxing

2017-02-04 Thread Daniel Micay via arch-general
On Fri, 2017-02-03 at 17:49 +0100, Bart De Roy via arch-general wrote: > hello > > I've been postponing looking into browser isolation > since I

Re: [arch-general] sandboxing

2017-02-03 Thread sivmu
On 03.02.2017 at 17:49, Bart De Roy via arch-general wrote: > hello > > I've been postponing looking into browser isolation > since I started using Wayland about a year ago. > > Does anyone have pointers, experiences or comments on > this topic with regard to Xwayland? If I'd want to >

Re: [arch-general] sandboxing

2017-02-03 Thread Bart De Roy via arch-general
hello I've been postponing looking into browser isolation since I started using Wayland about a year ago. Does anyone have pointers, experiences or comments on this topic with regard to Xwayland? If I'd want to disassociate parts of chromium's execution context, what are common, good options?

Re: [arch-general] sandboxing

2017-02-02 Thread Leonid Isaev
On Thu, Feb 02, 2017 at 09:30:58PM +0100, Bennett Piater wrote: > On 02/02/2017 07:28 PM, Leonid Isaev wrote: > > I already described an approach when one always runs browsers, pdf readers, > > etc, inside an lxc container, as an unprivileged user. That container > > resides > > on a filesystem

Re: [arch-general] sandboxing

2017-02-02 Thread Bennett Piater
On 02/02/2017 07:28 PM, Leonid Isaev wrote: > I already described an approach when one always runs browsers, pdf readers, > etc, inside an lxc container, as an unprivileged user. That container resides > on a filesystem mounted with nosuid (so things like ping, su, sudo won't > work), > and has a

Re: [arch-general] sandboxing

2017-02-02 Thread sivmu
On 02.02.2017 at 19:28, Leonid Isaev wrote: > On Thu, Feb 02, 2017 at 03:24:11AM +0100, sivmu wrote: >> Please take a look at bubblewrap >> https://github.com/projectatomic/bubblewrap >> On the default arch kernel it does not use user namespaces. > > And? Why do you point out such projects? >

Re: [arch-general] sandboxing

2017-02-02 Thread Leonid Isaev
On Thu, Feb 02, 2017 at 03:24:11AM +0100, sivmu wrote: > On 01.02.2017 at 21:16, Leonid Isaev wrote: > > > > But you see, sandboxing apps is by itself a misleading security feature. > > Why do I need to sandbox my browser if it is written properly and allows me > > to disable the unnecessary

Re: [arch-general] sandboxing

2017-02-01 Thread sivmu
-- Changed the topic to keep things clean -- On 01.02.2017 at 21:16, Leonid Isaev wrote: > > But you see, sandboxing apps is by itself a misleading security feature. > Why > do I need to sandbox my browser if it is written properly and allows me to > disable the unnecessary (for me)