Run a More Secure Browser

Email
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Comment *

File

Select/drop/paste files here

Password

(Randomized for file and post deletion; you may also set your own.)

* = required field

[▶ Show post options & limits]
Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

Flag

Oekaki

Show oekaki applet
(replaces files and can be used instead)

Options

Do not bump
(you can also write sage in the email field)

Spoiler images
(this replaces the thumbnails of your images with question marks)

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.

File (hide): 6d7f6155e9c56fd⋯.png (99.46 KB, 1074x808, 537:404, Screenshot_2018-09-30_17-3….png) (h) (u)

[–]

▶Run a More Secure Browser Anonymous 09/30/18 (Sun) 21:30:43 No.980294 [Watch Thread][Show All Posts]

Does anyone else run their browser under a different user?


ssh ff@localhost -f "DISPLAY=:0.0 firefox"

https://www.dragonflybsd.org/docs/docs/handbook/RunSecureBrowser/

▶Anonymous 09/30/18 (Sun) 21:31:17 No.980295>>980336

I just use firejail

▶Anonymous 09/30/18 (Sun) 21:36:12 No.980300>>980694

I just whistle the HTTP packages in my 33.6k modem.

▶Anonymous 09/30/18 (Sun) 22:51:33 No.980336>>980342

>>980295

What does firejail in this case that's better?

Looking at https://firejail.wordpress.com/support/ doesn't show firejail to be as robust as the other solution.

Look like it's just a Linux only attempt at possibly bootlegging together real jails.

https://firejail.wordpress.com/support/

>Why on earth should I use Firejail?

>Actually, most of the time you don’t need to learn anything, just prefix your application with “firejail” and run it. This makes Firejail ideal for the regular, not-so-skilled home user.

>not-so-skilled home user.

Oh... ok then.

https://firejail.wordpress.com/

>Firejail is a SUID program

That's nice I guess. :/

▶Anonymous 09/30/18 (Sun) 23:05:47 No.980342>>980370

>>980336

It enables seccomp, blacklists many unnecessary programs and libraries so they can't be executed by the program being firejailed, applies netfilters, blocks certain permissions, mounts temporary overlayFs directories on places like /tmp... it is a much more thorough solution than just sudo-ing a program, although the fact that it uses namespaces and apparently had a root privilege escalation vulnerability back in 2017 make it more of a sidegrade than a straight upgrade.

▶Anonymous 10/01/18 (Mon) 00:39:17 No.980370>>980560

>>980342

So basically a convoluted Linux only solution in a SUID program that isn't any better than running under a less privileged user. So why aren't we just logging in under root and using firejail wrapped around everything we run?

▶Anonymous 10/01/18 (Mon) 10:24:39 No.980560

>>980370

Running under a different user doesn't do seccomp, boy.

▶Anonymous 10/01/18 (Mon) 14:58:36 No.980694

File (hide): 708b535b607e2ad⋯.jpg (11.54 KB, 241x309, 241:309, 1483150658.jpg) (h) (u)