#1 2012-02-15 08:25:01

thetrivialstuff
Member
Registered: 2006-05-10
Posts: 191

running web browser as separate user?

I'm wondering if anyone does this -- in light of how many ways there are for a web browser to accidentally let something in (even when you're careful about controlling scripts and such), I've been considering it.

The way I'm thinking of doing it is something like:

chmod o+x ~/
chgrp browseruser ~/.Xauthority
chmod g+r ~/.Xauthority
XAUTHORITY=/home/me/.Xauthority sudo -E -u browseruser opera

...I vaguely remember reading somewhere that there are some security implications to granting another user access to one's .Xauthority file and X session, but I don't remember what they are. Two things I can think of offhand are that the web browser would still have access to my user's clipboard and primary selection buffer, but the security risk from that is minimal.

At any rate, even if some malicious script is robust enough to know how to attack Opera on the latest Arch Linux, I really doubt it'd be so sophisticated that it would know that it's being run as another user and break across to my account.

Thoughts on this? I've never actually seen an exploit jump out of Opera, so I'm mostly just being paranoid for fun here.

~Felix.

#2 2012-02-15 09:45:44

litemotiv
Forum Fellow
Registered: 2008-08-01
Posts: 5,026

Re: running web browser as separate user?

I think most modern browsers sandbox sessions these days unless you explicitly override it, so the security you would potentially gain would be minimal..


ᶘ ᵒᴥᵒᶅ

#3 2012-02-15 10:52:20

swanson
Member
From: Sweden
Registered: 2011-02-05
Posts: 759

Re: running web browser as separate user?

Did you look at "firefox -P" for creating a different user profile within FF? http://support.mozilla.org/en-US/kb/Managing-profiles

#4 2012-02-15 17:44:58

thetrivialstuff
Member
Registered: 2006-05-10
Posts: 191

Re: running web browser as separate user?

litemotiv wrote:

I think most modern browsers sandbox sessions these days unless you explicitly override it, so the security you would potentially gain would be minimal..

I'm also concerned about auto-handling of downloaded files, though. In the past, I've had a couple scares because non-sane defaults had changed after a package upgrade -- for instance, if you were to do a fresh install of WINE, the various MIME desktop handlers, and xdg-open (the latter two of which are required by so many things it's pretty much a given that they'll be installed), .exe files would get associated with WINE automatically. Then you're one accidental click away from running Windows malware if a site manages to pop up a download dialogue for you :)

(Especially because Linux browsers don't recognize .exe as a threat -- they don't have the extra layers of "this is an executable file!" that Firefox does on Windows, because .exe *isn't* an executable file -- it's a data file type associated with "some program". Trouble is, "some program" happens to be WINE.)

I keep on top of crap like that (and it's actually quite difficult to prevent WINE from re-associating .exe's across pacman -Syu), but I frankly don't trust well-meaning upstream people not to find some other new and exciting way to give us one-click malware capability. For instance, even .desktop files are a major hazard, because they don't require chmod +x.

WINE is just one example -- xdg-open is a total crapshoot, because it doesn't follow associations you've set up in other environments (e.g. File Associations under konqueror's settings). Since I'm not using a DE, I don't really know what xdg-open is going to choose to open something with (it picks Firefox perplexingly often, though -- PDF? ignore the MIME database; open it in Firefox! .DOC? ignore the MIME database; open it in Firefox! etc.).

And xdg-open is just one example, too -- like I said, I don't trust the well-meaning upstreamers who invented that not to invent something else in the future, so disabling xdg-open is again only a piecemeal solution.

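The association check that post #4 describes doing by hand, as an added example that is not part of the original thread: it scans a file in mimeapps.list / mimeinfo.cache format and lists handlers that would run a downloaded file. The list of "risky" MIME types, the wine*.desktop name pattern, the function names and the sample file are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag MIME associations that would hand
# a downloaded file straight to something that executes it.
# Assumptions: the "risky" MIME types and the wine*.desktop name pattern below
# are illustrative choices; the function names are hypothetical.

risky_associations() {
    # $1: file in mimeapps.list / mimeinfo.cache format (default: stdin)
    awk -F= '
        /^\[/ { section = $0; next }                  # remember current [Section]
        section == "[Removed Associations]" { next }  # removals are not handlers
        /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
        NF >= 2 {
            mime = $1
            n = split($2, handlers, ";")              # value is a ;-separated list
            for (i = 1; i <= n; i++) {
                h = handlers[i]
                if (h == "") continue
                if (mime ~ /^application\/x-(ms-dos-executable|msdos-program|msi|desktop|shellscript|executable)$/ || h ~ /^wine/)
                    print mime " -> " h
            }
        }
    ' "${1:--}"
}

# Constructed sample input, not taken from any real system.
make_sample() {
    cat <<'EOF'
[Default Applications]
application/pdf=firefox.desktop;
application/x-ms-dos-executable=wine.desktop;

[Added Associations]
application/x-desktop=launcher.desktop;
application/msword=wine-extension-doc.desktop;libreoffice-writer.desktop;

[Removed Associations]
application/x-msi=wine.desktop;
EOF
}

make_sample | risky_associations
```

Pass the path of a real association file as the first argument to check an actual system; rerunning it after a package upgrade shows whether an association has been re-added.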

#5 2012-02-15 21:02:06

b4data
Member
Registered: 2010-12-14
Posts: 141

Re: running web browser as separate user?

thetrivialstuff wrote:

The way I'm thinking of doing it is something like:

chmod o+x ~/
chgrp browseruser ~/.Xauthority
chmod g+r ~/.Xauthority
XAUTHORITY=/home/me/.Xauthority sudo -E -u browseruser opera

For alternative ideas, here's how I do it:
Create a separate user, add it to the audio and video groups, add it to the X access control list:

xhost si:localuser:<username>

and then run the application with:

sudo -u <username> -H <application>
