[ubuntu-hardened] Ideas outside the SELinux box

[Chad Sellers]

On 2/14/08 4:39 PM, "Me And You" <education.kills at gmail.com> wrote:

> As this is a ubuntu-hardened list, and not just a Ubuntu SELinux list,
> I thought I would throw out some ideas on what I would like to see in
> Ubuntu as far as security goes, and see what people think. I don't
> claim expertise in any areas, but I think of the things here would be
> very useful.
> 
> -Running high risk desktop applications as another user.
>  Namely Firefox. In the last few months (and before that), we've seen
> a slew of vulns for ff. Most of them could be negated with the
> NoScript extension, but not everyone is going to use that. So I
> suggest running ff as a user other than the default desktop user. The
> reason for this is simple: the typical desktop user has everything of
> value to them under that user. If someone exploits firefox and is able
> to read/modify everything that the default user owns, well that's damn
> near everything that's important. We could make a shared "download"
> directory or some such for accessing files and so forth. I don't think
> this will be default, but having the option (something like apt-get
> install ff-secure) would be nice.
> 
Unfortunately, coarse-grained segregation like this usually doesn't really
work well. Firefox would need to access some things under your normal user.
This is a lot more than a shared directory; this also involves talking to
the window manager (which is running as the user you logged in as), reading
preferences (both from .mozilla and from things like gconf), talking to the
user dbus, etc. That's why something more fine-grained that lets you allow
some things but disallow everything else (like SELinux) is useful.

Chad