Page 4 of 4 FirstFirst ... 234
Results 31 to 35 of 35

Thread: Sandfox - A Poor Man's Firefox Sandbox

  1. #31
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Sandfox - A Poor Man's Firefox Sandbox

    Quote Originally Posted by archolman View Post
    Having said that, if Apparmor & SELinux came with a comprehensive GUI, I would be using one of those.
    You obviously have not tried Fedora 14 as it comes with selinux enabled and as comprehensive a gui as you would want.

    The gui tools notify you of alerts and as a part of the alert they (usually) include the necessary steps to resolve the problem. Sometimes at the click of a button, sometimes running a command.

    On my F14 desktop I have not had to do anything with selinux configuration, it works out of the box.

    You will get alerts if you do something unexpected (such as install an application from source code or run a service on a non-standard port), but the graphical tools will walk you through the fix most of the time.

    In addition to the alerts, there are graphical tools to modify the selinux policies, if you feel you need to. Typically this would be setting a Boolean allowing you to serve a file or directory, samba or nfs share, through apache. Something like that would be unusual but you can make the necessary modifications via the graphical interface.

    The advantage of Fedora 14 is that
    1. There are working policies out of the box.
    2. The policies are quite mature and most users do not need to modify them.
    3. When there is a problem you can almost always manage them from the graphical tools.

    For Apparmor, on Ubuntu, simply install the apparmor profiles:

    Code:
    sudo apt-get install apparmor-profiles
    There is already a profile for firefox and it works for most people without further intervention.

    Unfortunately there are insufficient graphical tools to manage apparmor in Ubuntu.

    The advantage of apparmor is that it is faster to learn.

    The disadvantages are that:
    1. The profiles are less mature than selinux (or lacking) meaning users need to spend time modifying or writing policies.
    2. There is a lack of graphical tools to manage apparmor.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #32
    Join Date
    Feb 2007
    Beans
    206
    Distro
    Kubuntu

    Re: Sandfox - A Poor Man's Firefox Sandbox

    Re AppArmor and SELinux, I would just add a few cautionary notes.

    In my limited experience with default profiles in such security solutions, they are often very loose, which is why they work so well. They are often more geared toward protecting the system and system files than they are your personal files or info. For example, a default Firefox profile will probably give Firefox (and thus any Firefox exploits) access to all your user-accessible files. (If it didn't, you wouldn't be able to save files to your home folder from within Firefox, for example.) Nothing wrong with starting with a default profile, but depending on what your goal is, you may want to tighten down aspects of it. (Fear Not Root is a good read on this subject.)

    Second, as I believe was discussed earlier in this thread, these robust security solutions are often created with the (overt and covert) involvement of government agencies who specialize in spying, and are influenced by corporations that don't necessarily have YOUR security in mind. Put simply, they very likely contain backdoors of various sorts. This is common in the Windows world, where anti-virus software often has other things going on as well. Thus, some people don't trust these types of security solutions, either because they don't trust these entities, or they feel any backdoors could be used by others. In addition, they are very complex, with many thousands of lines of code - many places to hide exploits (even open-source code is not peer-reviewed nearly as much as is commonly claimed, and exploits are rarely discovered this way).

    Sandfox is not in their category - a filesystem sandbox, it cannot provide the network and other robust system protections that they provide. But it is simple and transparent, uses only basic Linux tools to construct the sandboxes, and uses virtually no resources. You might consider it more of a security enhancement, but a fairly strong one in terms of filesystem access (generally as strong as the filesystem protections in Linux).

    Use whichever fits you best - I just wanted to clarify the differences.
    Check out my blog for useful scripts and tips... http://igurublog.wordpress.com

  3. #33
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Sandfox - A Poor Man's Firefox Sandbox

    Quote Originally Posted by IgnorantGuru View Post
    Re AppArmor and SELinux, I would just add a few cautionary notes.

    In my limited experience with default profiles in such security solutions, they are often very loose, which is why they work so well. They are often more geared toward protecting the system and system files than they are your personal files or info. For example, a default Firefox profile will probably give Firefox (and thus any Firefox exploits) access to all your user-accessible files. (If it didn't, you wouldn't be able to save files to your home folder from within Firefox, for example.) Nothing wrong with starting with a default profile, but depending on what your goal is, you may want to tighten down aspects of it. (Fear Not Root is a good read on this subject.)
    Yes and no. Because of #2 you are not really familiar with selinux or apparmor so you do not really know how they work or what the options or limitations are.

    I agree with your point that in addition to system files, files in /home need to be locked down.

    For example, there is (typically) no reason firefox needs access to ~/.ssh (and other files).

    Apparmor and selinux both have the ability to lock down files in /home, yes you need to configure them properly, especially apparmor, but doing so is trivial, and there is an include for apparmor for "private files".

    The biggest flaw in your method is that system files are not in any way protected.

    Second, as I believe was discussed earlier in this thread, these robust security solutions are often created with the (overt and covert) involvement of government agencies who specialize in spying, and are influenced by corporations that don't necessarily have YOUR security in mind. Put simply, they very likely contain backdoors of various sorts. This is common in the Windows world, where anti-virus software often has other things going on as well. Thus, some people don't trust these types of security solutions, either because they don't trust these entities, or they feel any backdoors could be used by others. In addition, they are very complex, with many thousands of lines of code - many places to hide exploits (even open-source code is not peer-reviewed nearly as much as is commonly claimed, and exploits are rarely discovered this way).
    Without a citation this is a hypothesis, conspiracy theory, or paranoia at best. I assume you obtained bash from canonical as you are posting on the Ubuntu Forums. Canonical is a corporation last time I looked.

    Unless you are using LFS and unless you reviewed your compiler and the source code yourself you are vulnerable to these threats and your script does not change that fact.

    A back door, and it only takes one, such as you hypothesize, could be anywhere in your system files from the kernel itself to netfilter. Why would the various entities you fear target selinux or apparmor? Those are both security applications and the paranoid penguins are going to review that code more than most. A back door in these apps would stand out like a sore thumb.

    Far better to target the kernel or netfilter.

    Now since your sandbox does not guard against system files, it does nothing to protect against the backdoors you fear. You simply can not ignore the integrity of the kernel and expect a bash script to provide any type of safety net.

    Sandfox is not in their category - a filesystem sandbox, it cannot provide the network and other robust system protections that they provide. But it is simple and transparent, uses only basic Linux tools to construct the sandboxes, and uses virtually no resources. You might consider it more of a security enhancement, but a fairly strong one in terms of filesystem access (generally as strong as the filesystem protections in Linux).

    Use whichever fits you best - I just wanted to clarify the differences.
    No, sandfox is nowhere close to a selinux sandbox.

    You can obtain similar results with Virtualbox, a live CD, LXC, a chroot, apparmor, etc, etc. Any of those options at least offers some semblance of isolation.

    If you do not trust selinux or apparmor, find an alternate solution you do trust (pax / grsecurity, other?)
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
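    To make the point in #32 and #33 concrete (a loose default profile gives Firefox everything under $HOME, a handful of deny rules close ~/.ssh and friends), here is a small model of how AppArmor decides file access. This is an added example, not code from the thread, from Sandfox, or from the AppArmor project: the two profile fragments are constructed and are not Ubuntu's real usr.bin.firefox, and the evaluator implements only the two rules that matter for the argument (deny always beats allow, and `*` stays inside one path component while `**` crosses `/`). It ignores DAC, the real abstractions, and every other rule type, so treat the results as an illustration of policy shape, not as an audit of a live system.

```python
import re

# Constructed profile fragments (hypothetical, not Ubuntu's shipped firefox profile).
# LOOSE: everything the user owns is readable and writable, /etc is readable.
LOOSE_PROFILE = """
/usr/lib/firefox/firefox {
  owner @{HOME}/** rw,
  /etc/** r,
}
"""

# TIGHTENED: same allow rules, plus deny rules in the spirit of the
# private-files abstraction mentioned in #33. A deny rule wins over any allow.
TIGHTENED_PROFILE = """
/usr/lib/firefox/firefox {
  owner @{HOME}/** rw,
  /etc/** r,
  # deny rules take priority over allow rules in AppArmor
  deny @{HOME}/.ssh/** rwlkmx,
  deny @{HOME}/.gnupg/** rwlkmx,
  deny @{HOME}/.bash_history rwlkmx,
  deny /etc/shadow r,
}
"""

# One file rule per line: [deny] [owner] <path-glob> <perms>,
RULE_RE = re.compile(r'^(?:(deny)\s+)?(?:owner\s+)?(\S+)\s+([a-zA-Z]+),$')


def expand_vars(pattern, variables):
    """Substitute @{NAME} variables such as @{HOME} into a path glob."""
    for name, value in variables.items():
        pattern = pattern.replace('@{%s}' % name, value)
    return pattern


def glob_to_regex(pattern):
    """AppArmor globbing: '**' may cross '/', '*' and '?' may not."""
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith('**', i):
            out.append('.*')
            i += 2
        elif pattern[i] == '*':
            out.append('[^/]*')
            i += 1
        elif pattern[i] == '?':
            out.append('[^/]')
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile('^' + ''.join(out) + '$')


def parse_profile(text, variables):
    """Return a list of (is_deny, compiled_path_regex, permission_set) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or line.endswith('{') or line == '}':
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError('unsupported rule in this toy parser: ' + line)
        deny, path, perms = m.groups()
        rules.append((deny is not None,
                      glob_to_regex(expand_vars(path, variables)),
                      set(perms)))
    return rules


def permitted(rules, path, perm):
    """Deny rules are checked first; only then do allow rules count."""
    if any(d and rx.match(path) and perm in p for d, rx, p in rules):
        return False
    return any(not d and rx.match(path) and perm in p for d, rx, p in rules)


def audit(profile_text, home='/home/alice'):
    """Which of a few sensitive paths could the confined process read?"""
    rules = parse_profile(profile_text, {'HOME': home})
    sensitive = [home + '/.ssh/id_rsa', home + '/.gnupg/secring.gpg',
                 home + '/.bash_history', home + '/Downloads/file.pdf',
                 '/etc/shadow']
    return {p: permitted(rules, p, 'r') for p in sensitive}


if __name__ == '__main__':
    for name, prof in (('loose', LOOSE_PROFILE), ('tightened', TIGHTENED_PROFILE)):
        print(name)
        for path, ok in audit(prof).items():
            print('  %-32s %s' % (path, 'readable' if ok else 'denied'))
```

    The interesting line is the first one in `permitted`: because deny rules are evaluated before allow rules, the broad `owner @{HOME}/** rw,` that lets you save downloads to your home folder can stay, and the four deny lines still close the key material. That is exactly the "start with the default profile, then tighten the parts that matter" approach from #32, and it is what the private-files style include from #33 does on a real Ubuntu install.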

  4. #34
    Join Date
    Sep 2006
    Location
    Huddersfield
    Beans
    85
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Sandfox - A Poor Man's Firefox Sandbox

    Quote Originally Posted by bodhi.zazen View Post
    You obviously have not tried Fedora 14 as it comes with selinux enabled and as comprehensive a gui as you would want.
    Thanks Bodhi, I may well leave the Ubuntu fold for Fedora, especially as Ubuntu seems set to drop the Gnome desktop.

    @IgnorantGuru: Good luck with the Sandfox project.
    Peace, love & The Archers!
    WinXPHome-SP3 DAW/ Ubuntu 10.04.2LTS Surf&BOINC,
    on
    AMD Athlon64, 2GbRAM

  5. #35
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Sandfox - A Poor Man's Firefox Sandbox

    <offtopic>
    I just installed Fedora 15, gnome-shell is the default desktop.
    </offtopic>
