Next follows a quick guide (aka, chuletario) to execute Firefox as an isolated user in Ubuntu (Probably will work with minor or none modifications in Fedora, Mandriva or even MacOSX). Executing as an isolated user will allow to protect (even more) our system from the risks of the Internet. A potencially dangerous remote attack using a flaw in our browser (or a flaw in the plugins installed in our browser or the application used to read mail attachements) will be minimized. A virus/worm/"whatever" will be blocked unless it manages not only to break the browser, but simultaneosly scale privileges using a flaw in our OS kernel (remember the maximum principle of security, "
NO SYSTEM IS SECURE"). To protect our system just follow the next instructions:
- Create a new user with a command similar to:
adduser internetBrowsing
-
Using you favorite text editor (gedit, vim/gvim, nano, ...) write a script similar to the next one:
#!/bin/bash
xhost local:
su -c "firefox 1>/dev/null 2>&1 &" internetBrowsing
xhost local: will allow local users access to the X session.
Change 'firefox' by the name of your favorite browser (chrome, chromium-browser, opera, ...). (But don't forget that firefox is best than your favorite browser in such case :) ).
Save it and mark it as executable by executing in a terminal:
chmod u+x launchBrowser.sh
-
Add our new user to the audio group to allow it access to sound card. Edit the file '/etc/group' (in a terminal execute
sudo gedit /etc/group
and add the new user internetBrowsing to the audio group. The /etc/group file must look similar to:
cat /etc/group | grep firefox
...
...
audio:x:29:pulse,internetBrowsing
...
...
(WARN: Do not delete anything in this file, just add internetBrowsing to the audio group)
-
Finally just execute the script in a terminal by typing:
./launchBrowser.sh
or create a launcher in the desktop.
No comments:
Post a Comment