On 08/14/15 12:08, dan mclaughlin wrote:
On Fri, 14 Aug 2015 16:45:52 +0000 Frank White <mediome...@gmail.com> wrote:
Hi, anyone has some advices to make more secure a browser like firefox ?
chroot + systrace ?
Thank you.
apparently it's been done. David Coppa reported that he succeeded chrooting
firefox here: https://marc.info/?l=openbsd-tech&m=143645383725835&w=2.
i think he was following this ('isolating untrusted programs in ssh chroot
jails'): https://marc.info/?l=openbsd-misc&m=142676615612510&w=2 which
details chrooting. that post also links to J. Thornburg's earlier work
securing firefox.
To achieve what might be the same goal, I simply open a new
terminal window, 'ssh -X otherusername@localhost' (having
ssh authorized_keys and sshd_config all set up to allow it),
and run the browser or other apps from there. It has been
working well
for me, and I hope it's secure though I don't know all the
possible downsides within X security-land.
For one java IDE I have to do 'ssh -Y otherusername@localhost'
instead, before launching it, since apparently it needs things
that -X doesn't allow, and I haven't learned enough yet about
X security to be more specific in what is allowed.
One downside is that the first term window above can't launch
new windows after a while, but that's easy to work around.
There was more discussion on similar things at the thread
(sorry I don't have a link handy) from march 2015, subject
"running multiple simultaneous X sessions as different users".
