Enrico Zini <email@example.com> writes:
> ssh -X or -Y to a remote host, then run X apps.
Which requires that host allow remote logins, which creates a different
sort of security issue. Also, tunneling a web browser over X is an
unbelievably painful experience.
> I've recently got worried about common practices I see around me, and
> started considering running a "Hardening Debian Development" BOF at the
> next Debian event I'm going to participate. The intention would be to
> see how to address those issues, but with a strong awareness on
If someone would write up a good step-by-step guide for how to isolate
one's web browser in a VM running on the same host, so that you can still
get reasonable display performance but have a real separation boundary
between the web browser and the rest of the system, I for one would be
extremely grateful. The same technique would work for things like Skype.
I'm sure it's possible, but I don't know enough about the various
virtualization systems to be able to figure it out quickly, and I've yet
to get interested enough to spend several days figuring out a method.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>