[nmglug] Running desktop apps with restricted permissions

Anthony J. Bentley anthony at anjbe.name
Thu Aug 20 00:13:57 PDT 2015


Hi,

A few months ago I idly thought about the possibility of a Firefox
exploit giving unfettered access to my personal files. After all,
Firefox is run as my own user, so a compromised Firefox could read
(and sometimes even write to) all files my user account has access to.
But I never did anything about it.

Well, this month a serious exploit in Firefox was patched. Any version
of Firefox older than August 6 is vulnerable to a malicious PDF
exploit that can access your files.

https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

This isn't theoretical; there *are* malicious websites that are using
this, *right now*.

Run Firefox as a separate user, though, and this exploit is totally
toothless. Not only that, but any potential future exploits are also
toothless. There's no way that attackers can snag your files if
Firefox is run under a user that just can't access them.

So I started doing it today. It's easy, too! Here's a post describing
how to set it up. Should work on any Unix-like system.

http://lists.dragonflybsd.org/pipermail/users/2015-August/228324.html

-- 
Anthony J. Bentley
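
The isolation described above rests on ordinary Unix file permissions, so it protects only files whose mode denies access to other accounts. As an added example (not part of the original post or the guide it links to), this POSIX shell script lists the files under a directory that an unrelated local account, such as a dedicated browser user, could still read. The function names are hypothetical, and it assumes that account shares no group with the owner and that no ACLs are in use.

```shell
#!/bin/sh
# Added example: audit what a separate, unprivileged account could still read.
# Assumptions: the other account shares no group with the file owner, no ACLs
# are set, and the ancestors of the audited directory are traversable.

# exposed_to_other DIR
# Prints every regular file under DIR that has the other-read bit set and is
# reachable, meaning each directory from DIR down to the file has the
# other-execute (search) bit. Directories without that bit are pruned, because
# nothing beneath them can be opened by an unrelated account.
exposed_to_other() {
    find "$1" \
        \( -type d ! -perm -001 -prune \) -o \
        \( -type f -perm -004 -print \)
}

# count_exposed DIR
# Prints the number of files reported by exposed_to_other.
count_exposed() {
    exposed_to_other "$1" | wc -l | tr -d ' '
}

# When called with a directory argument, report on it, for example:
#   sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then
    echo "Files readable by other accounts under $1: $(count_exposed "$1")"
    exposed_to_other "$1"
fi
```

An empty result for your home directory means the mode bits already deny the separate account; otherwise tightening the home directory itself (for example to mode 700) closes everything beneath it at once.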

