Wednesday, January 23, 2008


In case you are tired of yet another unknown web browser vulnerability, you might
try firebox. This small script sets up a chroot environment for Firefox, which then runs
unprivileged, has no access to suid files, /proc, /dev, /sys etc., and can only create files
inside a loopback mount, so possible exploits triggered from evil websites can't modify
your homedir or system files (as long as there's no kernel 0-day, of course :-).
Java, Flash and all that sh** is not working yet, but that might even be an advantage.
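A way to check an existing chroot tree for the properties listed above (no suid files, nothing populated under /proc, /dev or /sys, writes confined to one area). This is an added example, not part of firebox or the original post; the function name `audit_jail` and the default writable directory `home` are assumptions.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the properties the post lists.
# Usage: audit_jail ROOT [WRITABLE_DIR]
#   WRITABLE_DIR is relative to ROOT (assumed default: home).
# Prints one finding per line; prints nothing if the tree is clean.
audit_jail() {
    root=${1%/}
    writable=${2:-home}

    [ -d "$root" ] || { echo "ERROR not a directory: $1"; return 2; }

    # 1. setuid/setgid files are a path from the unprivileged browser
    #    user back to a privileged one. Skip proc/sys/dev; they are
    #    reported separately below.
    find "$root" \
        \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \) -prune \
        -o -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sed 's/^/SUID /'

    # 2. /proc, /dev and /sys should be absent or empty inside the jail.
    for d in proc dev sys; do
        if [ -d "$root/$d" ] && [ -n "$(ls -A "$root/$d" 2>/dev/null)" ]; then
            echo "POPULATED $root/$d"
        fi
    done

    # 3. World-writable directories outside the one intended writable
    #    area mean files can be created elsewhere in the tree.
    find "$root" \
        \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \
           -o -path "$root/$writable" \) -prune \
        -o -type d -perm -0002 -print 2>/dev/null |
        sed 's/^/WRITABLE /'

    return 0
}
```

Run it as `audit_jail /path/to/jail` against the tree before starting the browser in it; any output line is a deviation from the layout described in the post.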


frank boldewin said...

well done, herr sepp! ;)

number said...

I agree with you about these. Well, someday I'll create a blog to compete with you! lolz.

Dwayne Litzenberger said...

Don't forget about X11 holes. Firefox can still talk to your X server (which runs as root and with extra I/O privileges), right?