[ubuntu-hardened] Ideas outside the SELinux box
Me And You
education.kills at gmail.com
Thu Feb 14 22:25:54 GMT 2008
On Thu, Feb 14, 2008 at 2:03 PM, Jeff Schroeder <jeffschroed at gmail.com> wrote:
> Me And You wrote:
> ...
>
> > -Running high risk desktop applications as another user.
> > Namely Firefox. In the last few months (and before that), we've seen
> > a slew of vulns for ff. Most of them could be negated with the
> > NoScript extension, but not everyone is going to use that. So I
> > suggest running ff as a user other than the default desktop user. The
> > reason for this is simple: the typical desktop user has everything of
> > value to them under that user. If someone exploits firefox and is able
> > to read/modify everything that the default user owns, well that's damn
> > near everything that's important. We could make a shared "download"
> > directory or some such for accessing files and so forth. I don't think
> > this will be default, but having the option (something like apt-get
> > install ff-secure) would be nice.
> And if there is a local user priv escalation bug in the Linux kernel then
> the attacker uses Firefox running as the other user to get root. If we drew
> an attack tree of your model, it falls down there. Firefox should be confined
> using Mandatory Access Control such as SELinux and/or AppArmor by default.
> That is a much better solution and is certainly a goal for the future.
>
I agree, but I don't know how soon SELinux will be implemented by
default. I suppose the likelihood of this idea being implemented by
default sooner is just as likely, but I thought of this as an
"in-between" kind of solution (in between now and SELinux integration).
I'll check out that script as soon as I get time. Should it work
across Feisty and Gutsy? (Some things have changed in Gutsy from what
I've seen.)