Sandfox - A Poor Man's Firefox Sandbox

[IgnorantGuru]

I think I also had to give it access to /dev/random.

On Arch at least, this used to cause mount to hang. But I have corrected this in 0.9.6.

[DZ*]

Some of us find ourselves in a situation of having to use certain communications software because friends and family use it. We don't have the source code for it, but we use it because we have to. Well, that doesn't mean we have to trust it.

Could you share instructions on how you sandbox that certain application?

[halfvulcan]

The instructions for sandfox on IgnorantGuru's blog page provide a method for creating profiles for applications. There's usually trial and error and some testing involved. I tend to start by looking on the internet for an apparmor profile for whatever application I'm trying to barricade. I'm certainly not a pro with this yet though.

[bodhi.zazen]

The instructions for sandfox on IgnorantGuru's blog page provide a method for creating profiles for applications. There's usually trial and error and some testing involved. I tend to start by looking on the internet for an apparmor profile for whatever application I'm trying to barricade. I'm certainly not a pro with this yet though.

+1

IgnorantGuru's Sandbox has rather uniques goals and is extremely limited compared to either selinux or apparmor.

No offense intended, but IgnorantGuru has a healthy mistrust of both selinux and apparmor.

So while this sandbox may work for IgnorantGuru, for anyone else, be sure you understand the limitations and alternates, in particular Apparmor or Selinux, before you dive into this technique.

Again, no offense to IgnorantGuru's, it is a nice technique and s/he spent a ton of time on this, but we are talking security here and I am simply stating what should be obvious, do not blindly follow this technique without evaluating it fully, including the advantages and disadvantage as well as the alternatives.

As I have stated earlier, I trust the integrity of my system to Apparmor and this sandbox, IMO, would be relatively easy to break out of if there is a security flaw with the underlying application.

This technique may isolate a user form his or her self, but offers very little, if any, protection of system files and similar results can be obtained, IMO, either using the guest account or creating a limited account for daily use.

Again, no offense to IgnorantGuru or anyone who finds this technique helpful, just understand the limitations before you follow it.

[IgnorantGuru]

Sandfox has reached version 1.0.0, meaning it has proved itself stable. Actually after running it for months I’ve had great results with it. The only change in this version is that /dev/urandom is now treated like /dev/random – both are not remounted to prevent mount hanging on some systems (one user reported having a problem with a /dev/urandom mount hanging).

As far as a security record at this point, Sandfox has been downloaded many hundreds of times - it has become the second most popular download on the site, and has been discussed here, on the Arch Linux forums, and elsewhere. Thus far no one has demonstrated any exploits nor raised any substantiated security problem.

http://igurublog.wordpress.com/downl...cript-sandfox/

[arapaho]

Please, vote

[IgnorantGuru]

I also voted for your other idea re the firewall - that is sorely needed in Linux and has been for awhile.

In the easy to use department, sandfox does make it as simple as "sandfox firefox" or "sandfox skype", although there aren't any provided profiles for the other programs you mentioned.

[arapaho]

Thank you. And thank you for sharing your work.
Actually idea #26902: ref. firewall is not my idea but I voted for it too.
I hope idea of sandboxing applications becomes popular. I'd be happy if there was a kind of GUI application control center allowing to control security issues in Ubuntu, including sandboxing. Actually there are 'ideas' about it
Idea #1282: Security and stability centre
http://brainstorm.ubuntu.com/idea/1282/
Idea #19648: Security Center
http://brainstorm.ubuntu.com/idea/19648/
and discussion:
https://lists.ubuntu.com/archives/ub...l/subject.html

But I'm a total newbie and I can only vote. I hope developers take into account public requests.

[bodhi.zazen]

FYI: As I mentioned earlier ...

1. Apparmor provides most of not all of this functionality in Ubuntu.

IMHO I think you would be much better off learning apparmor and/or writing refining the various apparmor profiles.

2. Fedora has been working of a sandbox confined by selinux since Fedora 12.

Here is but one example:

http://www.bress.net/blog/archives/1...th-Fedora.html

So again I think it is best to join / contribute to existing projects and personally I would trust apparmor, selinux, openvz, LXC, pax/grsecurity far more then this project.

If you wish to use Ubuntu, much of what you are wanting already exists with apparmor.

[archolman]

I like this Sandfox idea. I'm not a newby, but I'm not that conversant with configuration-file handling/editing, permissions, etc. This is what Apparmor & SELinux aren't, that is, easy to use.

Simple and comparatively robust security is the answer to most users questions in this area. I think Sandfox gives me a tool that is within my competence of using bash.

Having said that, if Apparmor & SELinux came with a comprehensive GUI, I would be using one of those. Point & click has to be the way to enable general users to feel confident when dealing with security.

Apparmor is probably the best GNU/Linux SOHO solution, but when, say, your're running a small business, who's got the time to mess with it, especially when your not sure of what's needed. SELinux or Bastille seem even more complicated. They are techhead solutions, not general users tools. The Sandfox idea is closer to the general users competence than the alternatives.