running browser as seperate user

[lou21]

Yes. It gets its own separate home folder. It can't read or write to the users home folder.

So if one were to keep any executables or scripts (e.g. self made ones) in their home folder then this would actually add considerable security...

[unspawn]

I'd say Java exploits are the most likely attack vector for a Linux user. In the case of a Java exploit running the browser and plugin as a separate user will mean that only that UID is compromised.

If Java is the most likely attack vector then shouldn't the first measure be to disable the Java plugin and webstart until it's actually needed? Phrased differently: who would the measure realistically benefit? By guesstimate I'd say that of people who have Java installed about .001 per cent actually need it and even then it doesn't always have 'net capabilities either: for example OpenOffice.org or LibreOffice may suggest Java as a dependency but IIRC it's only needed for specific math stuff?

[mike acker]

This functionality is built in to Firefox in the form of "profiles":

http://support.mozilla.org/en-US/kb/...ores-user-data

If you are using Firefox as Profile A then it will not have access to the passwords, cookies, bookmarks, etc. of Profile B.

...the more advanced question we have is: what can a browser access in our computer ??

e.g. could a Java Script launched by a WebPage inventory my /home/documents/correspondence directory and send copies of my memos to Hacker6@Ukrane.rus ??

I am running Firefox in the AppArmor proficle distributed by Cannonical but I need to learn more about the syntaxt of AppArmor in order to audit the given profile . we have trolls "out there" who threaten people with the cost of defending litigation as a means of extortion ...

[lou21]

...the more advanced question we have is: what can a browser access in our computer ??

e.g. could a Java Script launched by a WebPage inventory my /home/documents/correspondence directory and send copies of my memos to Hacker6@Ukrane.rus ??

I am running Firefox in the AppArmor proficle distributed by Cannonical but I need to learn more about the syntaxt of AppArmor in order to audit the given profile . we have trolls "out there" who threaten people with the cost of defending litigation as a means of extortion ...

Does anyone know the answer to this? This is an important question (yes I know that Java Script should be disabled by default but sometime it needs to be on and we all know that even reputable websites get attacked sometimes).

[snowpine]

This is not what I was asking about at all.

Understood; I was merely trying to suggest a simpler method that should be "secure enough" for most users, as well as to let you know that Mozilla developers are concerned about these issues and working to make Firefox as safe & secure as possible.

[Hungry Man]

There's no way for Javascript to access those files unless the browser provides an interface to do so. If it does provide that interface you can bet that it's handled in some way that wouldn't allow arbitrary access.




@Unspawn,

If Java is the most likely attack vector then shouldn't the first measure be to disable the Java plugin and webstart until it's actually needed? Phrased differently: who would the measure realistically benefit? By guesstimate I'd say that of people who have Java installed about .001 per cent actually need it and even then it doesn't always have 'net capabilities either: for example OpenOffice.org or LibreOffice may suggest Java as a dependency but IIRC it's only needed for specific math stuff?[

You can disable the web plugin, sure. But then there'll be that day where you need to enable it for whatever site, and that's a pain.

You can use Click To Play (that's how I do it) but uneducated users click "Yes" to anything, they've been trained to do so. The most obvious evidence of this is the proliferation of software that's packaged with other software ie: ask toolbar, babylon, etc.

So a solution like AppArmor, which works whether the code is run or not, is ideal for Java.

Beyond that, for people in many countries Java is a requirement for accessing government/ bank websites.

@Lou21,

So if one were to keep any executables or scripts (e.g. self made ones) in their home folder then this would actually add considerable security...

Sort of. If an attacker has gained control over Firefox they'll be able to read/write to whichever Home directory Firefox has access to. If this is the case they could simply drop/write their own scripts and execute them.

A more significant benefit is that a process of UID X can't interact with a process of UID Y. It can't read its address space, or ptrace it, or do much at all to it. Essentially you isolate Firefox from other UIDs. The added benefit of it getting its own Home directory is less significant.

[vasa1]

... LibreOffice may suggest Java as a dependency but IIRC it's only needed for specific math stuff?

Don't mean to "derail" this thread but ... http://www.libreoffice.org/get-help/...-require-java/

[lou21]

Understood; I was merely trying to suggest a simpler method that should be "secure enough" for most users, as well as to let you know that Mozilla developers are concerned about these issues and working to make Firefox as safe & secure as possible.

In that case thank you for posting.

[lou21]

There's no way for Javascript to access those files unless the browser provides an interface to do so. If it does provide that interface you can bet that it's handled in some way that wouldn't allow arbitrary access.




@Unspawn,


You can disable the web plugin, sure. But then there'll be that day where you need to enable it for whatever site, and that's a pain.

You can use Click To Play (that's how I do it) but uneducated users click "Yes" to anything, they've been trained to do so. The most obvious evidence of this is the proliferation of software that's packaged with other software ie: ask toolbar, babylon, etc.

So a solution like AppArmor, which works whether the code is run or not, is ideal for Java.

Beyond that, for people in many countries Java is a requirement for accessing government/ bank websites.

@Lou21,


Sort of. If an attacker has gained control over Firefox they'll be able to read/write to whichever Home directory Firefox has access to. If this is the case they could simply drop/write their own scripts and execute them.

A more significant benefit is that a process of UID X can't interact with a process of UID Y. It can't read its address space, or ptrace it, or do much at all to it. Essentially you isolate Firefox from other UIDs. The added benefit of it getting its own Home directory is less significant.

Interesting. Thank you.

[vasa1]

...
Beyond that, for people in many countries Java is a requirement for accessing government/ bank websites.
...

The sad thing is that many of these Java-loving banks also love another operating system as is implied here: How do I install 'proper' anti-virus protection for Online Banking satisfying its Terms of Use?

The other point which may already have been mentioned is that many of these exploits, Java or not, are "social" with a high degree of PEBKAC.