Hi, I assumed sandboxed application run within there own embedded X server instance (Xephyr) to protect Xorg against attacks originating from the sandbox. My assumption seams to be wrong as the recent security issue showed [1]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2240 My question is: Why do sandboxed X application run within Xephyr? Is the attack surface smaller if an application runs within Xephyr even if Xephyr must be allowed to talk to Xorg? kind regards, Christoph
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
