On Wed, Mar 04, 2020 at 02:06:40AM +0100, whistlez...@riseup.net wrote:
> Hi,
> in the following message:
> https://marc.info/?l=openbsd-misc&m=158110613210895&w=2
> Theo discourages to use unveil instead of chroot.
> I asked if he suggests the same for the browser but he asked that chroot
> is only for *root*.
> Then what should I do to hardening the most exposed piece of code that
> we use everyday ?
> Now I'm using unveil+chrome...
> Thank you.

I seriously doubt the browser as it is today can be ever made secure - in the form of ff or ch or ie, loading software, fonts, pictures from around the world and executing it straight away. Because the whole idea that page of text is a program is wrong and crime enabling. I guess using unveil etc just keeps the rotten stink out of other parts of the os.

And html email is, to me at least, an apocalyptic disaster in the making.

So, on the grand plane of things, I suspect we are fucked (minus some people who would try to avoid being so, but the big picture is not going to change). Basically, I would describe the problem as "people have allergy for plain text, so the careless mob will pull with themselves the caring few straight to hell".

As for me, I use the trick with multiple users for different roles (similar to other person who posted in this thread). I also employ noscript in some of the roles. In every browser, I turn font loading off, set the default fonts/sizes to something I can look at, and I set the minimum font size to some visible limit (so I can easily see that something is there). And black on white, if possible. There is already enough pages displaying brown text on navy-blue background.

I am not sure if I do anything else with ff, security-wise. Sure my security might be bypassed, but so far I think I did what I could (always happy to learn, however, even if it makes me look like an idiot for a moment).

In old Opera, there was a way to customize what parts of css will be executed. Alas, I will not use Opera anymore, because they went multithreaded. With old one, a poorly written script would have kept only one of my cores fully loaded. With multiple threads, I am on the road to total madness, so no go. Otherwise, I consider this old Opera (12.x) to be near ideal for me. However, this one, too, kept writing to my disk, sometimes, see below.

In ff, I routinely turn css off when I think this would be a good thing to improve "reading experience". But the results often disappoint. I have to scroll down ten or twenty screens of bloody huge face and bird icons, each the size of my 22'' monitor - can you imagine it? Then I finally come to the tiny scrap of five lines of text, which I wanted to read, which is the so called article. This paragraph is bigger.

Actually my browsing routine now employs more primitive browsers. I have found out that many sites display sufficiently (or excellently, even) in dillo - and guess what, no efing bird icons (because my version cannot svg). Just text and those images which dillo knows how to display (sometimes clicking on empty place of image loads it).

In the case of dillo, I have set up things to - kind of - emulate a text terminal with it. So font is of monospace kind, bg is black and fg is some light, non-aggressive green. The config files are a bit hodge-podge (with leftovers of fierce experimenting), but show what I like to see. You guessed it, no loading of css.

Speaking of terminals, of course they all use monospace fonts. I am not sure if there is any security risk with varied-width fonts, but simple should be more secure, right? And if a line always has eighty chars of length...

When I come to something new to display, I often use lynx, elinks or w3m, in no particular order, and as many users, too. About 70-90% of cases one of the mentioned programs does the job. If the site cannot perform, not my fault. Sometimes I open it in ff, or not. If the site politely suggests I am wrongdoing them, because I do not display their ads, well, not my fault, the retards had not sent me anything I could display.

As a side note, I sometimes get a bit obsessed upon seeing a program which "sits idle" but scratches my disk every n seconds (and/or loads my cpu with empty loops). A daemon can be hunted down and nailed. No big deal. But a browser, in its grandiose form (say, ff) cannot be nailed and used at the same time. I (partially) solved the problem by putting ~/.cache-mozilla and ~/.mozilla on the ram disk. Now scratch me if you can, browser.

Actually, ~/.cache-mozilla and ~/.mozilla are symlinks, when system is booted they are dead, but after I call a makeshift script, the contents of dot_mozilla.tar and dot_cache_mozilla.tar are being unpacked into proper locations on the ramdisk and the dead links become live. Then the offender is started.

Pros: now it only drives me slightly mad few times a year.

Cons: I have to manually correct tar files and they are always the same, same session, same settings, same everything as was saved to tar-files.

The script is written with Elisp and duct tape, survived more years than I intended for it (planned to rewrite it in civilised Scheme dialect, but time too scarce to learn).

Performance is better when the said dirs are saved in tar. No more zzz-zzz-zzz-ziping through multistaged directory structures. I measured the times, so I know. Compressing does not help in this case.

Of course, that way I cannot use bookmarks in ff, but that is not a problem. I have already moved with bookmarking to org-mode. And good, because I doubt any browser would deal with ca. 100k bookmarks (once I was off the limits imposed by a browser, I kept adding and see where I ended).

On the darker side of things, I am to introduce older family member to the World of Widely screW-W-Wed Web. The plan is to configure her browser like I do for myself (minus ramdisk, settings will be saved), but I am very much afraid the experience will be shocking and grievous for one of us. Either she will have to deal with noscript all the time, which is only so-so experience, but the alternative is that I keep imagining how she gets undead shit loaded from all over the WWW-world.

I swallow noscript because I know what is the deal. Not sure if I can properly translate it to beginner user. I tried translating to medium-advanced younger user and failed miserably - she does not remember what I told her, not even the name "noscript" stays in memory, so after repeating ten+ times (over many months) I acknowledged my pitiful failure (fortunately, only I remember it) and reiterated to the lair.

Any ideas? The host is going to be laptop with Mint Xfce (yes, I have strong obsession against Unity), but I might move it to obsd one day (thanks to chronic lack of time I myself still had not moved out of Linux yet).

TIA :-)

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_r...@bigfoot.com             **
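
The unpack-then-start procedure described in the message above, sketched in shell as an added example; it is not the poster's Elisp script. The RAM-disk and archive locations, the directory names on the RAM disk and the assumption that each tar holds the directory's contents with relative member names are all assumptions; only the tar file names and the two symlink names come from the message.

```shell
#!/bin/sh
# Added example: restore a browser profile from known-good tar archives
# onto a RAM disk, so that anything written during a session is discarded.
# Assumed (not from the message): the RAM disk path, the archive directory,
# and the names dot_mozilla / dot_cache_mozilla used on the RAM disk.

# Refuse archives whose member names could escape the target directory.
archive_is_safe() {
    # $1 = tar file; reject absolute paths and ".." path components
    tar -tf "$1" | while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/../*|*/..) exit 1 ;;
        esac
    done
}

# Unpack one archive into a fresh, owner-only directory on the RAM disk.
restore_dir() {
    # $1 = tar file, $2 = target directory on the RAM disk
    archive_is_safe "$1" || { echo "unsafe member in $1" >&2; return 1; }
    rm -rf "$2"
    ( umask 077 && mkdir -p "$2" ) || return 1
    tar -xf "$1" -C "$2"
}

# Point a (possibly dead) symlink at its target and check that it resolves.
link_live() {
    # $1 = symlink path, $2 = target directory
    ln -sfn "$2" "$1" && [ -d "$1/" ]
}

restore_profile() {
    # $1 = home directory, $2 = RAM disk mount point, $3 = archive directory
    restore_dir "$3/dot_mozilla.tar" "$2/dot_mozilla" &&
    restore_dir "$3/dot_cache_mozilla.tar" "$2/dot_cache_mozilla" &&
    link_live "$1/.mozilla" "$2/dot_mozilla" &&
    link_live "$1/.cache-mozilla" "$2/dot_cache_mozilla"
}

# Hypothetical invocation (paths are placeholders):
# restore_profile "$HOME" /mnt/ramdisk "$HOME/profiles" && exec firefox
```

Because each run deletes and re-creates the RAM-disk directories from the archives, the profile always starts in the state that was saved to the tar files, which matches the "same session, same settings" behaviour the message lists under cons.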