On Wed, 14 Dec 2005 08:37:16 -0800, Bob Smith <[EMAIL PROTECTED]> wrote:

>Thanks for the explanation.
>
>So it would be less work to try to chroot a browser than to make a
>virtual machine? Perhaps it's even a better way of isolating?
>
>I googled around a bit and found some threads about people trying to
>chroot their browsers, but I couldn't find any successful story. Is it
>practically doable?
>

When you think about all the crap a graphical browser needs just to run (fonts, mime types, library dependencies, plugins, cache, user preferences, ...), it will probably be a major pain to chroot the beast because you'll be duplicating tons of stuff into your chroot. At that point, you have only gained a copy of your file system rather than any real security.

Worse yet, many "browsers" are actually dual purpose and function as the system file manager within the windowing environment (windows/MSIE, KDE/konqueror, gnome/?, and so on...). If you actually manage to successfully chroot all your browsers to prevent accidentally clicking on a "bad" link, you suddenly don't have a file manager and have lost a lot of usability.

>Looking at other troublesome programs; they come chrooted by default on
>openbsd. Is there any effort being made by others than vmware to
>isolate browsers?
>
>Seems to me like it would be a step in the right direction?

Programs are not chrooted/isolated because they are "troublesome" (i.e. have bugs); instead they are chrooted/isolated because they pose significant risks. Since a program like the Apache webserver is always exposed to threats from the outside world, it poses a greater risk than a simple utility program like copy or move that requires access to the system.

In the crap-happy world of the web and W3C standards, refusing to support crap-du-jour like Java, JavaScript, plugins, cookies and all the rest of the garbage only means that the overwhelming majority of crappy websites will break. Since the overwhelming majority of all web sites are crap spewed by idiots, you can guess where this leaves you.

You also need to think about all the file writing that goes on when you browse the web. You've got your cache, cookies, user preferences, javascript files, downloaded plugins and lots of stuff that can be tainted and can be used against you. The Google claim of "Do No Evil" is really bullshit when you realize they are tracking you via every page that loads their AdWords/AdSense stuff and trying to shove targeted ads down your throat. But turning off cookies breaks a lot of well-intentioned and useful sites, including stuff in the FOSS world like:

http://archive.netbsd.se
http://sourceforge.net

and countless others.

A virtual machine by itself is probably not enough because the required local READ/WRITE on files makes for a real mess that will only get worse over time. Though the rather smart folks at VMware have thought of this issue (the image can be configured to reset itself after each use), I'm not sure exactly how well it is implemented... and no one will know without doing a lot of disassembly and reverse engineering.

To prevent the READ/WRITE issue with chrooting, you'll need to figure out not only how to chroot the damn browser and everything it needs, but you'll also need to figure out how to do the chroot in some kind of a self-creating/loading RAM disk to keep a consistent starting state.

To put it bluntly, you are looking at a ton of work regardless of the route you decide to take, and this list is probably the worst place to discuss work that will never be done.

Kind Regards,
JCR
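An added example, not from this thread, that makes the "duplicating tons of stuff" point concrete: a POSIX shell helper that stages one program plus every shared library ldd reports into a chroot directory and counts how many files had to be copied. It assumes ldd is available (glibc or musl output format) and uses /bin/ls only as sample input; the chroot is staged, not entered, so it needs no root privileges.

```shell
#!/bin/sh
# Stage a program and its shared-library dependencies into a chroot
# directory, preserving the original paths. Added example; assumes ldd
# exists. Plugins, fonts, mime databases and config are NOT handled,
# which is exactly why a real browser chroot balloons in size.

stage_into_chroot() {
    root="$1"
    bin="$2"
    mkdir -p "$root$(dirname "$bin")"
    cp "$bin" "$root$bin"
    # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)"
    # or, for the dynamic loader, "/lib64/ld-linux-x86-64.so.2 (0x...)".
    # A static binary or a missing ldd simply yields no library lines.
    ldd "$bin" 2>/dev/null | while read -r line; do
        case "$line" in
            *"=> /"*) lib=$(printf '%s\n' "$line" | sed 's/.*=> \(\/[^ ]*\).*/\1/') ;;
            /*)       lib=${line%% *} ;;
            *)        continue ;;   # e.g. linux-vdso.so.1, no file on disk
        esac
        [ -f "$lib" ] || continue
        mkdir -p "$root$(dirname "$lib")"
        [ -e "$root$lib" ] || cp "$lib" "$root$lib"
    done
}

# Number of regular files now living inside the chroot tree.
count_staged_files() {
    find "$1" -type f | wc -l | tr -d ' '
}
```

Run it against a browser binary instead of /bin/ls and the count shows the library duplication alone; it still does nothing about the cache, cookie and preference writes the reply raises, which a chroot by itself never resets.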