Killing web browsers - part II


Posted Oct 28, 2004 20:49 UTC (Thu) by kleptog (subscriber, #1183)
In reply to: Killing web browsers - part II by rmini
Parent article: Killing web browsers - part II

Rather nasty problem: most of the operations needed for privilege separation are root-only. chroot/setuid/jail etc. can only be used by root.

Users as a rule can't fake anything, even if for supposedly good purposes. You might fake a setuid program to do something it shouldn't.



Killing web browsers - part II

Posted Oct 29, 2004 14:41 UTC (Fri) by RobSeace (subscriber, #4435)

All you really need to do to accomplish this form of "privilege separation"
is to create yourself a separate user account, and use THAT to run your web
browser under... Set up sudoers appropriately, and then have your web browser
icon launch "sudo -u webuser -H mozilla" (or whatever browser) instead of
launching the browser directly... (You'd probably want to set up sudoers so
you didn't have to be prompted for a password for this, too, of course...)
There, now your browser can only access stuff as this other user; and,
presumably, you'd have pretty much NOTHING lying around which that user
would have access to modify/delete...
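
An added example, not part of the comment above or of the thread: a shell audit of what such a separate account could actually read, modify or delete under a directory through the "other" permission bits. It assumes the browser account shares no group with the owner and no ACLs are in use; the function names, the user `alice` and the path `/usr/bin/mozilla` are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Audits what a separate browser account
# such as "webuser" could reach under a directory via the "other" mode bits.
# Assumptions: webuser shares no group with the owner, no ACLs are in use, and
# the directories above the audited root are traversable.
# Launch line from the comment:  sudo -u webuser -H mozilla
# Matching sudoers entry (user name and browser path are placeholders):
#   alice ALL=(webuser) NOPASSWD: /usr/bin/mozilla

# Run find below $1, skipping any directory "other" cannot traverse (no o+x):
# nothing beneath such a directory is reachable, whatever its own mode says.
reachable() {
    root=$1; shift
    find "$root" -type d ! -perm -0001 -prune -o "$@" -print 2>/dev/null | sort
}

# Files the account could read (saved passwords and similar browser data).
other_readable_files() { reachable "$1" -type f -perm -0004; }

# Files the account could modify in place.
other_writable_files() { reachable "$1" -type f -perm -0002; }

# Directories where the account could create, rename or delete entries: this
# needs o+w and o+x on the directory, not on the file. A sticky bit (as on
# /tmp) limits deletion to each file's owner, so those are excluded.
other_deletable_dirs() { reachable "$1" -type d -perm -0003 ! -perm -1000; }

audit() {
    echo "== readable by other ==";          other_readable_files "$1"
    echo "== writable by other ==";          other_writable_files "$1"
    echo "== entries deletable by other =="; other_deletable_dirs "$1"
}

# Usage: sh audit.sh /home/alice
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

An empty report for your home directory is what the "NOTHING lying around" assumption requires; anything listed is reachable by the browser account.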

Killing web browsers - part II

Posted Oct 29, 2004 18:14 UTC (Fri) by NAR (subscriber, #1313)

> There, now your browser can only access stuff as this other user; and, presumably, you'd have pretty much NOTHING lying around which that user would have access to modify/delete...

The problem is that the data the browser needs to read/write can still be sensitive - think about passwords stored by Opera's Wand function (and I think Mozilla has something similar)...

Bye, NAR

Killing web browsers - part II

Posted Oct 29, 2004 19:36 UTC (Fri) by RobSeace (subscriber, #4435)

Well, I've always thought those silly "remember all passwords I type"
functions were completely stupid, anyway... I never use them... Yes,
Moz does have such a thing, but I certainly don't use it, and I wouldn't
recommend anyone use it... BUT, I thought it at least encrypted the saved
passwords, and required some master password to unlock them? Maybe not...
Like I say, I don't use it... If they just leave it lying around in
plain-text, then it's a very broken design, in the first place, I'd say...
You can't really help people if they TRY to shoot themselves in the foot
by using broken-by-design security-compromising features, just to save
themselves a little typing every now and then... Such people probably
would never even bother going through the trouble of setting up such a
separate user system for added security in the first place, since they're
obviously not too concerned with security, it seems... But, I'd think
there really SHOULDN'T be any need for a web browser to ever access any
sensitive info on your hard drive...
