Hi, I'm following a guide from the FreeBSD wiki about jailing GUI applications (I give the link just for reference, no need to look at it to understand the question: https://wiki.freebsd.org/JailingGUIApplications).
Everything works well but I'm concerned about the use of
The context is:
I don't think other programs on the Mac can gain more privileges through this setting for example.
The current working alternative is using ssh -Y to run the browser.
Thanks!
Everything works well but I'm concerned about the use of
host +
to allow browser to to run. I've always seen it as a bad security practice but I may be relying on obsolete knowledge.The context is:
- I'm the only person using the workstation.
- It's a headless workstation with VNC server listening locally.
- VNC client (on FreeBSD or Mac) connects through SSH tunnel to the workstation.
host +
doesn't decrease security? In other words: the jail running the browser needs access to my display in a way or the other, which other treats Iḿ opening to with host +
? I don't think other programs on the Mac can gain more privileges through this setting for example.
The current working alternative is using ssh -Y to run the browser.
Thanks!