

What is the most vulnerable application on your desktop? For most users, it is the web browser, since - in the picturesque phrase of Nick Congleton - it is "a large and complex piece of software with the ability to execute code, and it accesses the open Internet and executes just about everything that it comes into contact with". Whilst selective-execution plug-ins such as NoScript can (and should) be used to mitigate this risk, they cannot entirely remove it.

Furthermore - hardening tools such as AppArmor notwithstanding - the very design of the X11 display server underpinning most Linux desktops means that a compromised application can easily log all keystrokes, capture images of the screen, and even inject key and mouse events into any other application running on the same display; and that is just when running as the regular user, without any privilege escalation. As such, the consequence of even a modest compromise of the web browser on your system can be devastating.

Fortunately however, with just a little effort, it is possible to effectively 'sandbox' graphical applications, so that:
- they use their own isolated X11 server, with no access to, or visibility of, the "host" desktop, thereby inhibiting keylogging and similar attacks; and
- they run inside a Linux 'container', thereby inhibiting many other categories of process-level exploit.

Accordingly, in this mini-guide, I will be running through the process of X11-sandboxing the popular, open-source Firefox web browser on your target PC, using the powerful Firejail utility (and the Xephyr X11 server-in-a-window). The approach described may easily be generalized to other browsers (or indeed other applications, for example mail clients etc.), and will work for both systemd and OpenRC users.

The screenshot below shows an X11-sandboxed Firefox browser in use:
[Screenshot: Firefox Running in an X11 (Firejail/Xephyr/OpenBox) Sandbox within GNOME 3]

Note that when deployed in this manner, Firefox remains fully functional (so, e.g., HTML5 videos on YouTube still work, as shown above), but runs in a highly 'locked-down' environment (aka 'sandbox'), wherein:
- the parent "desktop" X11 server is not accessible: its sockets (including its abstract UNIX domain socket) are masked through the use of file and network kernel namespaces, thereby preventing keylogging and the like;
- the range of permitted system calls is greatly restricted, via a comprehensive seccomp-bpf filter, and any attempt to call one of the restricted functions causes immediate termination of the process;
- seccomp-bpf is also used to restrict the permitted socket protocols (to only IPv4, IPv6, UNIX and netlink); and
- all Linux capabilities are explicitly dropped, as an additional barrier against privilege escalation.
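The properties listed above are all visible from inside the jail through the kernel's own accounting, so they can be checked rather than taken on trust. The script below is an added example and not code from the guide or from the Firejail project: it audits the effective capability mask and seccomp mode of the current process (from /proc/self/status) and the visibility of the host X server's sockets (from /proc/net/unix and /tmp/.X11-unix), and it includes a launcher that runs Firefox under firejail with the options that give those properties. The option names are real firejail options; their combination, the interface name eth0, the host display number 0, and the script's own function names are this example's assumptions.

```shell
#!/bin/sh
# Added example, not code from the guide. Two jobs:
#  (1) audit, from inside the sandbox, the properties the text lists, by
#      reading the kernel's own view of the calling process;
#  (2) launch Firefox in a firejail built to have those properties.
# Assumptions (not from the page): firejail and Xephyr are on PATH, the host
# X server is display :0, and the outbound interface is named eth0.
set -u

# 0 if the effective capability mask (CapEff in a /proc/<pid>/status file)
# is all zeros, i.e. every Linux capability has been dropped.
caps_dropped() {
    status=${1:-/proc/self/status}
    capeff=$(awk '/^CapEff:/ { print $2 }' "$status" 2>/dev/null)
    case "$capeff" in
        '')     return 1 ;;   # no CapEff line: cannot claim anything was dropped
        *[!0]*) return 1 ;;   # any non-zero hex digit: some capability remains
        *)      return 0 ;;
    esac
}

# 0 if the process is in seccomp filter mode. In /proc/<pid>/status the
# Seccomp field is 0 (disabled), 1 (strict mode) or 2 (a BPF filter is loaded).
seccomp_filtered() {
    status=${1:-/proc/self/status}
    [ "$(awk '/^Seccomp:/ { print $2 }' "$status" 2>/dev/null)" = "2" ]
}

# 0 if the host X server for display :$1 is unreachable: its abstract socket
# (@/tmp/.X11-unix/X<n>) does not appear in the /proc/net/unix listing given
# as $2 (a separate network namespace has its own table), and the filesystem
# socket is absent from the directory given as $3 (masked by the mount namespace).
host_x11_hidden() {
    display=${1:-0}
    unixtab=${2:-/proc/net/unix}
    x11dir=${3:-/tmp/.X11-unix}
    if grep -q "@$x11dir/X$display\$" "$unixtab" 2>/dev/null; then
        return 1
    fi
    [ ! -e "$x11dir/X$display" ]
}

# Run all three checks against the live process; status 0 only if all pass.
run_audit() {
    display=${1:-0}
    rc=0
    if caps_dropped;     then echo "capabilities : all dropped";  else echo "capabilities : NOT all dropped"; rc=1; fi
    if seccomp_filtered; then echo "seccomp      : filter mode";  else echo "seccomp      : NOT filtered";    rc=1; fi
    if host_x11_hidden "$display"; then echo "host X11 :$display : hidden"
                                   else echo "host X11 :$display : REACHABLE"; rc=1; fi
    return $rc
}

# firejail's --x11=xephyr starts a Xephyr server (plus a window manager,
# openbox by default) and points DISPLAY at it; --net moves the jail into its
# own network namespace so the host's abstract X socket is not visible;
# --seccomp, --protocol and --caps.drop=all supply the remaining properties.
launch_sandbox() {
    iface=${SANDBOX_IFACE:-eth0}          # assumed interface name; adjust to taste
    [ $# -gt 0 ] || set -- firefox
    exec firejail --x11=xephyr \
        --net="$iface" \
        --caps.drop=all \
        --seccomp \
        --protocol=unix,inet,inet6,netlink \
        "$@"
}

# usage: sh sandbox.sh [audit [host-display]] | launch [command ...]
case "${1:-audit}" in
    audit)  run_audit "${2:-0}" ;;
    launch) shift; launch_sandbox "$@" ;;
esac
```

Run `sh sandbox.sh launch` on the host to start the jailed browser. To confirm the properties, launch a shell instead (`sh sandbox.sh launch sh ./sandbox.sh audit`, with the script somewhere under your home directory so the jail can see it): a seccomp filter and a reduced capability bounding set are inherited across fork and execve, so what that shell reports is what Firefox itself gets. The same audit run outside the jail should fail all three checks, which is a useful sanity test of the checks themselves.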
