On 03/22/15 07:44, Kevin Chadwick wrote:
> Systrace is also an option but the policy writing could be a little
> work, the regex support is certainly helpful there.
> systrace -A is very helpful

Excellent info; thanks. (This list has the
highest signal/noise ratio among tech lists that
come to mind.)

For now I'll try "ssh -X <user>", umask 0077 for all users
including root (though I learned the hard way you have to
relax that before doing pkg_add...), and keep all this other
material as reference for when I can do more or want to
try things more like systrace, xauth etc (or non-drm video
driver etc to get more screens recognized by X).
That is, unless I learn that there are still ways for one
user to view another's data etc, when I do just that much.
Corrections to my thinking are welcomed.

(This effort is so impressive. Especially compared to
so many other situations where if it seems to work on
the surface, even smart people call it good & move
on. It seems like the worst problems now could be hardware
security, which seems very hard, and 3rd-party systems.
And general human behavior but we can keep trying there
too.)

Best regards,
Luke