On Thu, 2 Apr 2015 11:47:04 -0400 Jiri B <ji...@devio.us> wrote:
> On Thu, Apr 02, 2015 at 12:33:25AM -0400, Eric Furman wrote:
> > I sometimes have to deal with PDF files (ugh) and all
> > I need is the ability to view and print them, nothing
> > fancy. With security in mind I would like to get opinions
> > on the best one to use.
> > Thanks.

hardly any existing software is written with security in mind, so...
mitigation is the word. and since sometimes even the best coders may
slip up...

> 
> Run it chrooted under non-default (0) routing domain
> and you should be in 99 % fine.

and running under its own user as well.

some of these mitigation techniques and more have been discussed
recently:
https://marc.info/?l=openbsd-misc&m=142703553113760&w=2
https://marc.info/?l=openbsd-misc&m=142637712203350&w=2
https://marc.info/?l=openbsd-misc&m=142676615612510&w=2

the last thread is my experiments with ssh chroot jailing. if you
decide to go the chroot route, you need to read that. you would
have to do some additional work (eg set up a device) to get a
printer working. there is also some info on using Xephyr. i use
a jailed xpdf myself just as in the examples.

and instead of routing, i use a pf rule:

  block out log
  pass out log quick on $intif proto tcp user { root, browse, 1000 }
  pass out log quick on $intif proto udp user { root, browse, 1000 }

but you could just block the one user:

  block out log quick on $intif proto tcp user pdf
  block out log quick on $intif proto udp user pdf
  pass out

at the very least, you want to run it under its own user, using
'ssh -X' and Xephyr.

> 
> (I still can't figure out how to make apps in Xephyr
> maximalized without help of a WM.)

many programs have command line options to control some of this.
eg 'xpdf -fullscreen'. although that doesn't always give me the
interface i want. but 'xpdf -geometry xXy' works too. i have
scripts that synchronize the Xephyr geometry and the app's.

> 
> j.
> 

in sum, a dedicated unprivileged user, using ssh -X and Xephyr, with
a pf rule (as above), and maybe chroot. about the best you can do for
any program. one of those threads is about systrace, but that might
be more complicated to set up (haven't looked into it too much myself).
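As an added example (not the poster's own script), the wrapper below does what the message describes: it starts Xephyr, runs xpdf as a dedicated user through 'ssh -X' so the viewer only ever sees the nested display, and derives the xpdf '-geometry' from the Xephyr screen size so no window manager is needed. It assumes a jail user named 'pdf', nested display ':1', key-based ssh to localhost as that user, and that the PDF path is readable on the jail user's side (which is what the chroot setup in the linked thread provides).

```shell
#!/bin/sh
# Launch a PDF viewer as an unprivileged user inside a Xephyr window.
# Assumptions (not from the thread): jail user 'pdf', nested display ':1',
# ssh to localhost as 'pdf' already works, Xephyr and xpdf are installed.
set -u

JAIL_USER="${JAIL_USER:-pdf}"           # assumed dedicated viewer user
XEPHYR_DISPLAY="${XEPHYR_DISPLAY:-:1}"  # assumed nested display number

# Turn a Xephyr '-screen WxH' size into an xpdf '-geometry' spec that
# fills the nested screen, so the viewer needs no window manager.
viewer_geometry() {
    size="$1"                           # e.g. 1024x768
    case "$size" in
        [0-9]*x[0-9]*) printf '%s+0+0\n' "$size" ;;
        *) echo "bad screen size: $size" >&2; return 1 ;;
    esac
}

# Build the command that will run on the jailed (ssh) side.
viewer_command() {
    pdf="$1"; size="$2"
    geom=$(viewer_geometry "$size") || return 1
    printf "xpdf -geometry %s '%s'\n" "$geom" "$pdf"
}

# Start Xephyr at the requested size, then run the viewer as the jail
# user over ssh -X; DISPLAY points ssh's X forwarding at the nested server.
launch_jailed_viewer() {
    pdf="$1"; size="${2:-1024x768}"
    Xephyr "$XEPHYR_DISPLAY" -screen "$size" &
    xephyr_pid=$!
    sleep 1                             # give Xephyr time to come up
    DISPLAY="$XEPHYR_DISPLAY" ssh -X "$JAIL_USER@localhost" \
        "$(viewer_command "$pdf" "$size")"
    kill "$xephyr_pid" 2>/dev/null
}

# Only launch when called with a file, e.g.: ./pdfjail.sh /tmp/doc.pdf 1280x800
if [ $# -gt 0 ]; then
    launch_jailed_viewer "$@"
fi
```

The pf rule from the message still applies on $intif, so the viewer's own network access stays blocked while the ssh X forwarding over loopback is unaffected.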
