| 1 |
On Wed, Mar 25, 2020 at 1:19 PM Rich Freeman <rich0@g.o> wrote: |
| 2 |
> |
| 3 |
|
| 4 |
> |
| 5 |
> Web tabs are fairly highly sandboxed in most browsers. Suffice it to |
| 6 |
> say something running in a web tab isn't going to be spying on your |
| 7 |
> process list/etc. |
| 8 |
> |
| 9 |
OK, fair enough. I would prefer a browser-only interface anyway, if possible |
| 10 |
|
| 11 |
(BTW: to your knowledge, does that apply to chrome (not chromium)? |
| 12 |
|
| 13 |
> An application can basically do absolutely anything you can do from a |
| 14 |
> shell unless you've done something to contain it. Running it in a |
| 15 |
> container would obviously be one way of containing it. Running it |
| 16 |
> under another UID would be another, though users can generally see all |
| 17 |
> the processes in the system and read any file that is world-readable. |
| 18 |
> |
| 19 |
> I'm not sure how the flatpak version of zoom that was mentioned |
| 20 |
> earlier is packaged. I believe flatpak is container-based, but I |
| 21 |
> haven't used it and I can't speak to how well-contained it actually |
| 22 |
> is, either in general or in its implementation of this particular |
| 23 |
> application. In theory they could make it very secure, but that |
| 24 |
> doesn't mean that they did. |
| 25 |
|
| 26 |
I'm checking Jitsi. Seems nicer than zoom. |
| 27 |
|
| 28 |
|
| 29 |
> |
| 30 |
> Oh, and keep in mind that X11 itself isn't the most secure piece of |
| 31 |
> software in existence. In particular any window on your desktop can |
| 32 |
> spy on the keyboard input into any other window on your desktop, |
| 33 |
> unless you're employing protective measures that nobody actually |
| 34 |
> employs outside of maybe pinentry (I haven't checked that one and I |
| 35 |
> forget if it is completely modal - as in you can't type in any other |
| 36 |
> x11 window while it is displayed). |
| 37 |
|
| 38 |
Right. I propose using a dedicated X session, in a VT other than the |
| 39 |
usual one. Having more than one X session alive is easy, at least for |
| 40 |
users of ligthweight stuff like openbox. |
| 41 |
|
| 42 |
Thanks for the input |
| 43 |
|
| 44 |
Jorge |
| 45 |
|
| 46 |
> |
| 47 |
> -- |
| 48 |
> Rich |
| 49 |
> |
Archives