On 03/01/2015 01:36 PM, Ted Unangst wrote:
> Nevertheless, the policy is only advisory. Writeable executable memory is only
> an mmap or mprotect away.
Thanks for your work. Is there a simple way to turn on W^X enforcement
on a system, to see what breaks?
On 2015-03-03, someone wrote:
> Wow, copying the .Xauthority to the "separated" user worked!
>
> But I'm still thinking that the "separated" user can give out the command:
>
> xinput test 6
>
> and can see what anyone types in via X.
See xauth(1) about generating an untrusted auth token. If you'r
http://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/
h, great, looks like X is not so good regarding security... maybe
Wayland...
On Tue, Mar 3, 2015 at 6:09 PM, someone wrote:
> Wow, copying the .Xauthority to the "separated" user worked!
>
> But I'm still thinki
Wow, copying the .Xauthority to the "separated" user worked!
But I'm still thinking that the "separated" user can give out the command:
xinput test 6
and can see what anyone types in via X.
On Tue, Mar 3, 2015 at 5:56 PM, Ryan Freeman wrote:
> On Tue, Mar 03, 2015 at 05:51:27PM +0100, someon
On Tue, Mar 03, 2015 at 05:51:27PM +0100, someone wrote:
> Hello,
>
> If I:
>
> pkg_add firefox-esr
>
> then I cannot see any separated user for it:
>
> grep -i firefox /etc/passwd
>
> When will OpenBSD have a separated user for the web browser by default?
I think Ted specifically stated that
Hello,
If I:
pkg_add firefox-esr
then I cannot see any separated user for it:
grep -i firefox /etc/passwd
When will OpenBSD have a separated user for the web browser by default?
If someone gets in via the web browser... it will have the id_rsa, the
*.kdb, etc.
If it will not be default wha
> At the risk of feature creep:
> There was a thread on this list about browser installation
> such that it would, for each user be sandboxed in a clean room, denying any
> scripts access to the user's files. I don't know if this is at all
> appropriate for
> this project, and I just throw it out t
On 03/01/2015 10:36 AM, Ted Unangst wrote:
> A few words about a project I've started working on today with support from
> the OpenBSD Foundation.
This is a good idea. I just threw some more coin in the donations bin.
At the risk of feature creep:
There was a thread on this list about browser i
On Sun, March 1, 2015 1:36 pm, Ted Unangst wrote:
> I'd like to thank the OpenBSD Foundation for supporting this effort, and
> the
> many donors who have supported the Foundation. The Foundation wouldn't be
> in a
> position to support projects like this if it weren't for you.
>
My thanks, as well
A few words about a project I've started working on today with support from
the OpenBSD Foundation.
As you may know, OpenBSD has a W^X (write xor execute) policy for memory.
This mitigates many forms of exploit, either by preventing the exploit from
overwriting the program's executable code or pre