From owner-freebsd-security@FreeBSD.ORG Thu Nov 9 08:48:43 2006
Date: Thu, 9 Nov 2006 00:48:29 -0800 (PST)
From: Luke Crawford
To: mal content
Cc: Lowell Gilbert, freebsd-security@freebsd.org
Subject: Re: Sandboxing
In-Reply-To: <8e96a0b90611090017x5375ed18jf3748c685ce8d2a6@mail.gmail.com>
References: <8e96a0b90611080439n558022edj79febf458494ef6e@mail.gmail.com> <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com> <44irhq6ngd.fsf@be-well.ilk.org> <20061108142306.GA64711@owl.midgard.homeip.net> <8e96a0b90611082359jbc85b37kad6109a0aa87598@mail.gmail.com> <8e96a0b90611090017x5375ed18jf3748c685ce8d2a6@mail.gmail.com>

On Thu, 9 Nov 2006, mal content wrote:
> On 09/11/06, Luke Crawford wrote:
>> man jail(8)
> A full jail is quite extreme, don't you think? Besides, it'd be tricky to
> allow a jailed program to write to ~/.mozilla and /tmp.

Not really. Well, it would be difficult to let it write to both ~/.mozilla and /tmp unless your homedir is under /tmp. What I would do is run mozilla under ~/mozilla and use that as the jail chroot. Give it an internal IP and connect via X over IP if you want... or figure out how to put the named pipe under ~/.mozilla (I'm not going to look it up for you, but there is a way... your jail system can't write outside the jail, but your non-jail system can write into the jail, so you might even be able to do it with a simple symlink.)

jail is the best sandbox FreeBSD has; if that's too heavy, simply run it setuid to another user that doesn't have permission to anything. It's not as good of a sandbox, but it's lightweight.
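The layout the reply sketches, written out as an added example (not part of the original post or of FreeBSD): a per-user directory under the home dir becomes the jail root, the browser profile lives inside it so the host can still reach it, and the host's ~/.mozilla becomes a symlink pointing in. The jail name, the 10.0.0.x addresses, the user name and the browser path are assumptions; the jail(8) line uses the positional "path hostname ip command" syntax and is only printed, since starting it needs root on FreeBSD.

```shell
#!/bin/sh
# Added example: chroot tree for a jailed browser, profile shared by symlink.
set -eu

# Create the skeleton a jailed browser needs inside the jail root: a home
# directory, its .mozilla profile directory, and a world-writable /tmp.
prepare_jail_root() {
    jailroot="$1"; user="$2"
    mkdir -p "$jailroot/home/$user/.mozilla" "$jailroot/tmp"
    chmod 1777 "$jailroot/tmp"
}

# The jailed process cannot see outside $jailroot, but the host can see
# inside it: keep the real profile inside the jail and point the host's
# ~/.mozilla at it. An existing host profile is moved in first.
link_profile_into_jail() {
    jailroot="$1"; user="$2"; hosthome="$3"
    target="$jailroot/home/$user/.mozilla"
    if [ -e "$hosthome/.mozilla" ] && [ ! -L "$hosthome/.mozilla" ]; then
        rm -rf "$target"
        mv "$hosthome/.mozilla" "$target"
    fi
    ln -sfn "$target" "$hosthome/.mozilla"   # -n: replace an old link, never descend into it
}

# Print the jail(8) command: run as the unprivileged jail user (-U), with
# DISPLAY pointing at the host's internal address so X goes over TCP, as the
# reply suggests. "mozjail" and /usr/local/bin/firefox are assumed values.
jail_command() {
    jailroot="$1"; user="$2"; jailip="$3"; hostip="$4"
    printf 'jail -U %s %s mozjail %s /usr/bin/env DISPLAY=%s:0 HOME=/home/%s /usr/local/bin/firefox\n' \
        "$user" "$jailroot" "$jailip" "$hostip" "$user"
}
```

Run prepare_jail_root and link_profile_into_jail as the user, then execute the printed jail command as root; a devfs mount and a copied userland under the jail root are still needed before the browser binary can actually start.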