Sandbox your browser on a linux system



While I was reading about browser sandboxing coming up in Vista and musing about how easy or difficult it would be to sandbox OTHER 3rd party applications, I found a comment on a ZDNet post that I think I’ll just copy directly (of course, giving credit to the poster…) Of course, with the user seperation under linux, individual users have NO access to other users folders by default. ONLY the administrator can access individual user folders. So, you obviously don’t want to run a web browser as the administrator (root), but you could setup another user account to run your web browser under if you’re particularly concerned about isolating it from NOT just the system files, but YOUR files as well.


There are other ways to do this as well, some as complicated as running vmplayers browser appliance, or doing your own chrooted install of a browser, etc. etc. etc. However, the solution provided for sandboxing was really a very simple and straightforward approach.

I’m sorry it isn’t a default setting but this issue is no edge for over the horizon (… Vista?). The things necessary won’t be done by mom and pop but I’m sure that George can do it and any sufficently motivated Linux distribution could set it up as default today.

Step 1: Set up a new user account. For purposes of illustration, call it ‘sandbox.’

Step 2: Tell the browser to always run out of ‘sandbox.’ I’ll describe how to do that using SuSE with KDE. First, right click on the icon for your browser. Second, click on the application tab. Third, click on the advanced button. Fourth, click the ‘run as different user’ button. Fill in the user name ‘sandbox.’

Step 3: Close the command line interface. I never told you to use that in the first place. ;-)
Posted by: palmwarrior Posted on: 03/23/06

Thanks to palmwarrior. I’ve got to say, I make use of konquerors “run command”, “run as a different user” ALL the time on another linux desktop I visit frequently. my main goal is running the web browser as MY user instead of the logged in user, so that any remembered passwords, etc are kept under MY profile instead of whoever is logged in at the time. But it could just as easily be used to sandbox ANY application. Of course, what’s described above is a bit different than the “run command” box, but a setting that can be made for any desktop link.

Nice.

Related Posts

Blog Traffic Exchange Related Posts
  • Zoneminder for a linux based home security DVR system This is filed under security, but a slightly different angle than the usual computer security articles. I just ran across a link I've kept to Zoneminder. Zoneminder is a neat linux application to help you setup your very own DVR (digital video recorder) for a security camera type (CCTV ?)......
  • Sendmail mail queue backed up Sendmail is not my favorite MTA. I really prefer Postfix, but... I have to use sendmail in a few situations. I've run a little script on the web server for a good while to monitor the mail queue. I was running into a problem where I had LOTS of messages......
  • VMware guest unable to access USB devices I ran into this some time back and found the solution a few months later and was reminded today to document it here.... The situation is this... Linux host for VMWare server, the guest machine has usb support and in vmware, you can go to VM, Removable devices and in......
Blog Traffic Exchange Related Websites
  • FireFox 3 FireFox 3 Launches Download Day Arrives Today June 17th at 10AM PST marks the long promised FireFox 3.0 Download Day Release. Up to 5 million downloads are expected to occur which if reached, would set a Guinness World Record for the most single piece of software downloads in a single......
  • Google Chrome, Firefox, Internet Exlporer, Safari... WHICH INTERNET BROWSER DO I USE?! Unless you spend a lot of time reading the specifications and hard details of internet browsers, you probably don't know what half of internet browser reviewers are talking about.  When I read that Google Chrome uses the latest NVIDIA 8600 Graphics Unit, my head starts to explode a little.  And......
  • My New Post Run Drink - Thai Tea [sort of] I started drinking a post-run drink inspired by Thai Tea. I've been using brewed loose Jasmine Tea for this purpose... Fill 16 oz glass full of crushed ice Pour brewed Jasmine Tea cooled to room temperature to about 90% of the glass. Pour 3 Splenda(TM) packets in the glass. Fill the remainder......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site