[ubuntu-hardened] Ideas outside the SELinux box
Me And You
education.kills at gmail.com
Thu Feb 14 22:25:54 GMT 2008
On Thu, Feb 14, 2008 at 2:03 PM, Jeff Schroeder <jeffschroed at gmail.com> wrote:
> Me And You wrote:
> > -Running high risk desktop applications as another user.
> > Namely Firefox. In the last few months (and before that), we've seen
> > a slew of vulns for ff. Most of them could be negated with the
> > NoScript extension, but not everyone is going to use that. So I
> > suggest running ff as a user other than the default desktop user. The
> > reason for this is simple: the typical desktop user has everything of
> > value to them under that user. If someone exploits firefox and is able
> > to read/modify everything that the default user owns, well that's damn
> > near everything that's important. We could make a shared "download"
> > directory or some such for accessing files and so forth. I don't think
> > this will be default, but having the option (something like apt-get
> > install ff-secure) would be nice.
> And if there is a local user priv escalation bug in the Linux kernel then
> the attacker uses Firefox running as the other user to get root. If we drew
> an attack tree of your model, it falls down there. Firefox should be confined
> using Mandatory Access Control such as SELinux and/or AppArmor by default.
> That is a much better solution and is certainly a goal for the future.
I agree, but I don't know how soon SELinux will be implemented by
default. I suppose the likely hood of this idea being implemented by
default sooner is just as likely, but I thought of this as an
"inbetween" kind of solution (inbetween now and SELinux integration).
I'll check out that script as soon as I get time, should it work
across Feisty and Gusty? (some things have changed in gusty from what
More information about the ubuntu-hardened