From: Erik Trulsson
To: Lowell Gilbert
Cc: freebsd-security@freebsd.org, mal content
Subject: Re: Sandboxing
Date: Wed, 8 Nov 2006 15:23:06 +0100
Message-ID: <20061108142306.GA64711@owl.midgard.homeip.net>
In-Reply-To: <44irhq6ngd.fsf@be-well.ilk.org>

On Wed, Nov 08, 2006 at 09:08:02AM -0500, Lowell Gilbert wrote:
> "mal content" writes:
>
> > On 08/11/06, mal content wrote:
> >> Hi.
> >>
> >> This is mostly hypothetical, just because I want to see how knowledgeable
> >> people would go about achieving it:
> >>
> >> I want to sandbox Mozilla Firefox. For the sake of example, I'm running it
> >> under my own user account. The idea is that it should be allowed to
> >> connect to the X server, it should be allowed to write to ~/.mozilla and
> >> /tmp.
> >>
> >> I expect some configurations would want access to audio devices in
> >> /dev, but for simplicity, that's ignored here.
> >>
> >> All other filesystem access is denied.
> >>
> >> Ready...
> >>
> >> Go!
> >>
> >> MC
> >>
> >
> > I forgot to add: Use of TrustedBSD extensions is, of course, allowed.
>
> Putting an X Windows application in a sandbox is kind of silly.  After
> all, X has to have direct access to memory.

The X *server* needs direct access to memory.  X clients (like Firefox or
just about any other application using X) do not need direct access to
memory.  They don't even need to run on the same machine as the X server.

> A virtual machine approach, with a whole virtual set of memory, might
> make more sense.  I use that (via qemu), although not for exactly the
> same reasons.

-- 
Erik Trulsson
ertr1013@student.uu.se
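The policy in the original question (allow ~/.mozilla and /tmp, deny all other filesystem access) is simple to state but easy to get wrong when checked by path string. The following is an added example, not code from this thread and not part of FreeBSD or the TrustedBSD MAC framework: it audits a constructed list of file accesses against that policy, showing the two classic allowlist mistakes (a `..` component that escapes an allowed directory, and a sibling directory that merely shares a string prefix). The home directory `/home/mc` and the `OBSERVED` paths are assumptions made up for the example; the X server socket location `/tmp/.X11-unix/X0` is X.Org's default, which is why an X client needs nothing outside /tmp to reach a local server, matching the point made in the reply about clients versus the server.

```python
"""Audit observed file accesses against the thread's sandbox policy:
allow ~/.mozilla and /tmp, deny everything else.

Added example; not code from the thread, FreeBSD or TrustedBSD.
"""
import posixpath

# Assumed home directory for the sandboxed user (hypothetical).
HOME = "/home/mc"


def canonical(path: str, home: str = HOME) -> str:
    """Expand a leading ~ and collapse '.', '..' and repeated slashes.

    This is purely lexical: it does not resolve symlinks, so it is fine
    for auditing a trace but not for enforcement. A real enforcement
    point (a MAC policy or a jail) must decide on the vnode, not the
    string the process passed to open(2).
    """
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    if not path.startswith("/"):
        raise ValueError(f"relative path without a known cwd: {path!r}")
    return posixpath.normpath(path)


def under(path: str, prefix: str) -> bool:
    """True if path is prefix itself or lies below it, component-wise.

    A plain startswith() would let /tmpfoo match the /tmp rule.
    """
    prefix = prefix.rstrip("/") or "/"
    return path == prefix or path.startswith(prefix + "/")


def allowed(path: str, home: str = HOME) -> bool:
    """Apply the policy from the question: ~/.mozilla and /tmp only."""
    prefixes = (posixpath.join(home, ".mozilla"), "/tmp")
    canon = canonical(path, home)
    return any(under(canon, posixpath.normpath(p)) for p in prefixes)


def audit(paths, home: str = HOME):
    """Return the accesses the policy would deny, in input order."""
    return [p for p in paths if not allowed(p, home)]


# Constructed sample of what a browser might open; not a real trace.
OBSERVED = [
    "/home/mc/.mozilla/firefox/profiles.ini",
    "/tmp/.X11-unix/X0",               # X.Org's local socket; all a client needs
    "/tmp/../etc/passwd",              # looks like /tmp, normalizes to /etc
    "/tmpfoo/cache",                   # shares a string prefix, not a subdir
    "/home/mc/.ssh/id_rsa",
    "/dev/dsp",                        # audio, out of scope in the question
    "~/.mozilla/firefox/cookies.sqlite",
]

if __name__ == "__main__":
    for p in audit(OBSERVED):
        print("DENY", p)
```

Run it and the two deceptive paths (`/tmp/../etc/passwd` and `/tmpfoo/cache`) are denied along with the SSH key and the audio device, while both spellings of the profile directory and the X socket pass. Because the check is lexical, it tells you what a process tried to open, not what it actually reached through a symlink; that is the gap a kernel-side mechanism closes and a string filter cannot.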