[lug] Firefox chroot

Daniel Webb lists at danielwebb.us
Mon Feb 26 01:23:53 MST 2007


After reading about so many Firefox exploits, it occurred to me that it is
probably the most insecure thing I use by far.  I created a little Debian Etch
install with debootstrap and only installed locales and firefox.  Does it make
a bit of difference?  Mainly, I'd like to keep an attacker from being able to
view or delete the contents of my home directories.

I'm especially thinking about the X connection which Firefox obviously has to
have.  If an application doesn't have focus from the window manager, can it
still see the keystrokes going through the X server (Xvnc in my case)?  In
other words, if Firefox can see everything I'm typing even if I'm in an xterm
in a different window, there probably isn't much point in what I'm doing.  The
window manager is not running in the chroot jail; it's running on the main
system, of course.  I'm currently just using TCP/IP for the X connection (I
assume); is a socket connection faster?  I also assume I can just hardlink the
appropriate /tmp/.X11-unix socket, but I'm not really sure and haven't tried
yet since it's working.
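
As an added illustration that is not part of the original post: a shell sketch that reports which transport a given DISPLAY value selects (TCP port 6000+N versus the Unix socket /tmp/.X11-unix/XN) and whether that socket is visible under a chroot root. The function names and the chroot path passed in are hypothetical, and only the plain `:N`, `unix:N` and `host:N[.S]` forms are handled.

```sh
#!/bin/sh
# Added example, not from the original post.

# Print "unix <socket path>" or "tcp <host> <port>" for a DISPLAY value.
x_transport() {
    display=$1
    case $display in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${display%:*}      # text before the last colon
    num=${display##*:}      # display[.screen] after it
    num=${num%%.*}          # drop the optional screen suffix
    case $num in
        ''|*[!0-9]*|0?*) echo "invalid"; return 1 ;;
    esac
    case $host in
        ''|unix) echo "unix /tmp/.X11-unix/X$num" ;;
        *)       echo "tcp $host $((6000 + num))" ;;
    esac
}

# Report whether the socket that DISPLAY needs exists under a chroot root.
# $1 = chroot root directory (assumed path), $2 = DISPLAY value
# Prints "present", "missing", "not-needed" (TCP display) or "invalid".
x_socket_in_chroot() {
    root=$1
    t=$(x_transport "$2") || { echo "invalid"; return 1; }
    case $t in
        unix\ *)
            path=${t#unix }
            if [ -S "$root$path" ]; then echo "present"; else echo "missing"; fi
            ;;
        *)
            echo "not-needed"
            ;;
    esac
}

# Stand-alone use: show the transport for the current session's display.
x_transport "${DISPLAY:-:0}" || true
```

A hard link cannot cross filesystems, so a "missing" result for a chroot on a different filesystem from /tmp means the socket has to be made visible another way, such as a bind mount of /tmp/.X11-unix.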