From owner-freebsd-security@FreeBSD.ORG Wed Nov 8 14:08:04 2006
Return-Path: (envelope-from freebsd-security-local@be-well.ilk.org)
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D37816A415; Wed, 8 Nov 2006 14:08:04 +0000 (UTC)
Received: from mail6.sea5.speakeasy.net (mail6.sea5.speakeasy.net [69.17.117.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 086F343D46; Wed, 8 Nov 2006 14:08:03 +0000 (GMT)
Received: (qmail 27022 invoked from network); 8 Nov 2006 14:08:03 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) by mail6.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP; 8 Nov 2006 14:08:03 -0000
Received: by be-well.ilk.org (Postfix, from userid 1147) id ABA8628433; Wed, 8 Nov 2006 09:08:02 -0500 (EST)
From: Lowell Gilbert
To: "mal content"
Cc: freebsd-security@freebsd.org
Subject: Re: Sandboxing
Date: Wed, 08 Nov 2006 09:08:02 -0500
Message-ID: <44irhq6ngd.fsf@be-well.ilk.org>
In-Reply-To: <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com> (mal content's message of "Wed, 8 Nov 2006 12:41:52 +0000")
References: <8e96a0b90611080439n558022edj79febf458494ef6e@mail.gmail.com> <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Wed, 08 Nov 2006 14:08:04 -0000

"mal content" writes:

> On 08/11/06, mal content wrote:
>> Hi.
>>
>> This is mostly hypothetical, just because I want to see how knowledgeable
>> people would go about achieving it:
>>
>> I want to sandbox Mozilla Firefox. For the sake of example, I'm running it
>> under my own user account. The idea is that it should be allowed to
>> connect to the X server, and it should be allowed to write to ~/.mozilla and
>> /tmp.
>>
>> I expect some configurations would want access to audio devices in
>> /dev, but for simplicity, that's ignored here.
>>
>> All other filesystem access is denied.
>>
>> Ready...
>>
>> Go!
>>
>> MC
>>
>
> I forgot to add: Use of TrustedBSD extensions is, of course, allowed.

Putting an X Windows application in a sandbox is kind of silly. After all, X has to have direct access to memory. A virtual machine approach, with a whole virtual set of memory, might make more sense. I use that (via qemu), although not for exactly the same reasons.