
Wouldn't selinux be enough? Browsers have no business touching files outside of ~/.mozilla or whatever.


I've run Firefox in a Red Hat/Fedora SELinux sandbox [1] [2] for the past 5 years or so. It is a little more tedious for things such as file uploads/downloads and cut-and-paste -- but worth it, IMHO.

[1] http://danwalsh.livejournal.com/31146.html

[2] http://www.bress.net/blog/archives/195-Firefox-in-a-sandbox-...


Wouldn't this prevent you from opening local .html files?


How would you handle uploads or downloads then?


Explicitly configure appropriate permissions for ~/Download/Firefox?


I organise my files, I don't put everything into the same directory. I save them all over my file system. Same for uploads, I do not put them into one directory prior to uploading.


I think a better method is what Apple has done in OS X. When the app needs to read from or write to a user specified file, the app calls a specific API that presents a file picker dialog. The file picker dialog is running in a separate process from the sandboxed app, and the app will temporarily be granted permissions to access this particular chosen file through this API.
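The broker pattern this comment describes (a trusted picker process that hands the sandboxed app access to one user-chosen file, never a path of the app's choosing), as an added illustration that is not part of the original thread and not Apple's actual implementation: it simulates the picker with a fixed choice and uses Unix file-descriptor passing (SCM_RIGHTS) as the grant mechanism, with the file names, the `PICK_FILE` request and the thread-as-broker standing in for a separate process all being constructed assumptions.

```python
import os
import socket
import tempfile
import threading

# Constructed sample files: one the user "picks", one the app must never see.
WORKDIR = tempfile.mkdtemp()
CHOSEN = os.path.join(WORKDIR, "report.txt")
SECRET = os.path.join(WORKDIR, "private.txt")
with open(CHOSEN, "w") as f:
    f.write("user-chosen document\n")
with open(SECRET, "w") as f:
    f.write("never shared\n")


def broker(sock, user_choice):
    """Trusted side: owns the (simulated) file picker and the real file rights.
    The app never names a path; the user's choice is the only file opened, and
    only a descriptor for that one file goes back over SCM_RIGHTS."""
    request = sock.recv(64)
    if request != b"PICK_FILE":             # the only request the app may make
        sock.sendall(b"DENIED")
        return
    fd = os.open(user_choice, os.O_RDONLY)  # opened with the broker's rights
    socket.send_fds(sock, [b"OK"], [fd])    # the fd is duplicated into the app
    os.close(fd)                            # broker keeps no copy


def sandboxed_app(sock, request=b"PICK_FILE"):
    """Untrusted side: has no filesystem rights of its own (an OS sandbox such
    as SELinux or Seatbelt enforces that); it can only ask for a pick."""
    sock.sendall(request)
    msg, fds, _, _ = socket.recv_fds(sock, 64, 1)
    if msg != b"OK" or not fds:
        return None
    with os.fdopen(fds[0], "rb") as f:      # read through the received fd
        return f.read()


def powerbox_exchange(user_choice=CHOSEN, request=b"PICK_FILE"):
    """Run one app<->broker exchange and return what the app could read."""
    app_end, broker_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    t = threading.Thread(target=broker, args=(broker_end, user_choice))
    t.start()
    data = sandboxed_app(app_end, request)
    t.join()
    app_end.close()
    broker_end.close()
    return data
```

The enforcement that the app cannot open files directly comes from the OS sandbox, not from this code; what the example shows is that the grant is scoped to the single descriptor the broker chooses to send.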


If you have a directory that you want to expose, you can set that up. It doesn't have to be just ~/Downloads/Firefox. If you want to expose something like ~/Documents but deny access to ~/Documents/Private you can do that. With a little effort, you can probably even configure a helper utility that toggles access on and off dynamically with a status charm in the notifications area.


That sounds incredibly cumbersome, akin to things like uMatrix or NoScript (which I use but 99% of users would never touch or be able to correctly control).


It's only as cumbersome as you choose to make it.



