Computer Tips -Tech Info

While I was reading about browser sandboxing coming up in Vista and musing about how easy or difficult it would be to sandbox OTHER 3rd party applications, I found a comment on a ZDNet post that I think I’ll just copy directly (of course, giving credit to the poster…) Of course, with the user seperation under linux, individual users have NO access to other users folders by default. ONLY the administrator can access individual user folders. So, you obviously don’t want to run a web browser as the administrator (root), but you could setup another user account to run your web browser under if you’re particularly concerned about isolating it from NOT just the system files, but YOUR files as well.

There are other ways to do this as well, some as complicated as running vmplayers browser appliance, or doing your own chrooted install of a browser, etc. etc. etc. However, the solution provided for sandboxing was really a very simple and straightforward approach.

I’m sorry it isn’t a default setting but this issue is no edge for over the horizon (… Vista?). The things necessary won’t be done by mom and pop but I’m sure that George can do it and any sufficently motivated Linux distribution could set it up as default today.

Step 1: Set up a new user account. For purposes of illustration, call it ‘sandbox.’

Step 2: Tell the browser to always run out of ‘sandbox.’ I’ll describe how to do that using SuSE with KDE. First, right click on the icon for your browser. Second, click on the application tab. Third, click on the advanced button. Fourth, click the ‘run as different user’ button. Fill in the user name ‘sandbox.’

Step 3: Close the command line interface. I never told you to use that in the first place.
Posted by: palmwarrior Posted on: 03/23/06

Thanks to palmwarrior. I’ve got to say, I make use of konquerors “run command”, “run as a different user” ALL the time on another linux desktop I visit frequently. my main goal is running the web browser as MY user instead of the logged in user, so that any remembered passwords, etc are kept under MY profile instead of whoever is logged in at the time. But it could just as easily be used to sandbox ANY application. Of course, what’s described above is a bit different than the “run command” box, but a setting that can be made for any desktop link.

Nice.

Popularity: 2% [?]

   Send article as PDF   

• Remote Tech Support with x11vnc and wrapper script So, the idea is that I wanted something "like" the Ultranvnc Single Click download, only for linux. The main idea being is that if someone is looking for a bit of desktop tech support on linux, we don't need to be giving instructions for 5 different package managers, or source......
• Zoneminder for a linux based home security DVR system This is filed under security, but a slightly different angle than the usual computer security articles. I just ran across a link I've kept to Zoneminder. Zoneminder is a neat linux application to help you setup your very own DVR (digital video recorder) for a security camera type (CCTV ?)......
• Qemu v. 0.8.0 I just happened across The Qemu site and found that qemu v. 0.8.0 has been released *(yesterday). I haven't had a chance to download and try myself, but it looks like the open source virtualization software has had quite a few improvements. Among the most interesting I see are initial......

• Training to Run the Right Way When competing in a race which involves running, there are a few different pointers which need to be kept in mind. Some people feel their normal run in the morning will suffice in training to run. This is wrong because you will not be training yourself higher levels of endurance......
• Run infected exe files without getting infected Don't want to infect your system by executing infected executables? Try Sandboxie then. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. How to run infected files with Sandboxie? 1. Download Sandboxie 2. Navigate to the......
• SUSE Linux Enterprise 11 Released Novell unveiled SUSE Linux Enterprise 11 on Tuesday, with features and capabilities that reflect the company's controversial multiyear agreement with Microsoft. In 2006, Microsoft and Novell agreed to work on improving compatibility between their products, and pledged not to pursue patent claims against each other's customers. The move has been......

Similar Posts

• The Vista stories keep coming – Vista bad news for small security companies
• Running kontact components standalone
• Hiding a user from the Welcome screen in Windows XP
• Opera security patch
• The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 2

This entry was posted on Wednesday, May 10th, 2006 at 10:31 am and is filed under Computers, Linux Tech Support. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.