/tech/ - Technology


 No.1065694>>1065698

Would you mind it if your browser required a password to open a user profile?

In exchange, addons, plugins, and settings installed or set by the user on that profile would need to pass an integrity check. No application could change your homepage, install unwanted extensions, etc. Doing so would, at worst, reset to a default of no benefit to a malicious app.

For the devs among us; how would you go about 'securing' userspace addons and settings? Keeping it on the user's machine, can you think of a way with less hassle 'grandma' might use?

 No.1065698>>1065712

>>1065694 (OP)

Just do what mobile browsers do. Every program runs in its own jailed off user account. They can only interact over standardized IPC channels, and then only when they have the user's permission.


 No.1065712>>1065728

>>1065698

I was looking at doing this; I guess one thing I was confused over was how it might work, especially if it's a Windows machine.

My initial idea was to, on install, have the user set a password. The password hash would be saved somewhere in the jail account for use as a private key, and on startup run a small daemon on that jail account. The daemon would provide a simple validation API over a local socket. Then, whenever the user would want to change a 'secure' setting (such as search provider or homepage) or install a plugin they would need to enter the password. If it works as expected no password would be needed on startup, only when making changes, and we would just do an integrity check and roll back/disable anything that fails.

My concern comes in running the jailed daemon. Do I make the browser depend on systemd/whatever init? Is that private key truly inaccessible to malicious software? Is Windows SOL?

(I don't really care if Windows is SOL, but I'd like the benefit)
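
An added example, not part of the original posts: a sketch of the integrity check described in post No.1065712, where changes need the password and startup only verifies and rolls back. It assumes PBKDF2 key derivation in place of a bare password hash, an HMAC-SHA256 tag over the settings, and hypothetical function and setting names; in the posted design the key and these functions would live in the jailed daemon, not in the browser process.

```python
import hashlib
import hmac
import json

def defaults() -> dict:
    # Rollback target: values of no benefit to a malicious app (names are hypothetical).
    return {"homepage": "about:blank", "search_provider": "default", "extensions": []}

def derive_key(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the "password hash" the post mentions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _tag(settings: dict, key: bytes) -> str:
    # Canonical JSON so the same settings always produce the same bytes.
    blob = json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def seal(settings: dict, key: bytes) -> dict:
    """Daemon side: attach an integrity tag to the protected settings."""
    return {"settings": settings, "tag": _tag(settings, key)}

def load_or_rollback(profile: dict, key: bytes):
    """Startup check, no password needed. Returns (settings, intact)."""
    settings, tag = profile.get("settings"), profile.get("tag")
    if isinstance(settings, dict) and isinstance(tag, str):
        # Compare as bytes: compare_digest rejects non-ASCII str input.
        if hmac.compare_digest(_tag(settings, key).encode(), tag.encode()):
            return settings, True
    return defaults(), False  # tampered or malformed: reset to defaults

def change_setting(profile: dict, password: str, salt: bytes, key: bytes,
                   name: str, value) -> dict:
    """Changes to a 'secure' setting require the password, then get re-sealed."""
    if not hmac.compare_digest(derive_key(password, salt), key):
        raise PermissionError("wrong password")
    settings, _ = load_or_rollback(profile, key)
    return seal({**settings, name: value}, key)

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    key = derive_key("correct horse", salt)
    profile = change_setting(seal(defaults(), key), "correct horse", salt, key,
                             "homepage", "https://example.org")
    profile["settings"]["homepage"] = "https://hijack.example"  # simulated tampering
    print(load_or_rollback(profile, key))  # falls back to defaults
```

The tag only helps if the key is unreadable to the programs being defended against, which is the file-ownership question raised in the next reply.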


 No.1065728

>>1065712

How it works, on Windows or wherever, is this: ban the user from installing new software. Create a setuid program that will install software for them. But, this program first creates a new account, and installs it for that account. Instead of running programs directly, the user asks a setuid program to run them, which will first su to the relevant account, then run them as that account. If the user wants to change their homepage, or install software, or whatever, great, they can, because they are the user. If a malicious program (or any program) wants to do these things, they are banned, because their account doesn't have permissions.

>Is that private key truly inaccessible to malicious software?

The only way to make a file inaccessible to a program is to give the program one user, the file another user, and then set the modifiers to 0700 or equivalent.

>Is Windows SOL?

All of this is possible on Windows. I can give you no advice on how to accomplish it there beyond "install Cygwin"



