Running firefox a bit more safely - HOWTO
dillon at apollo.backplane.com
Tue Aug 11 10:32:58 PDT 2015
As people may know a firefox hack was found in the wild that allows
any accessible file to be read. This hack was due to a bug in
firefox's internal PDF viewer. The exploit that was found in the wild
was trying to snarf developer-related files such as .ssh configuration
files and keys.
We finally have a fix for it for master in dports binaries (upgrading to
Firefox 40.0). The release branch doesn't have this fix yet but we
hope soon. Firefox tends to mess with a lot of packages so a binary
update is the best way. We're asking for a little patience for RELEASE
In the mean time there are a few things you can do quickly:
(1) A quick workaround is to set the PDF reader to 'always ask' and not
use the firefox internal reader. This can be changed in PREFERENCES
(accessed from the upper right side of the browser) -> Applications.
(2) You can switch to something more secure, such as chrome. This
would be the chromium package in binaries. There might be a few
gotchas here particularly with video viewing so YMMV.
I also suggest taking the time to more seriously secure whatever browser
you are using, and I will outline what I have done in this regard below:
What I have done is segregate my browser use into user accounts separate
from my main account. I created three accounts (one for my 'secure'
firefox use, such as accessing bank account, one for general 'unsecure'
browsing, including most of my social media browsing, and one for
my chrome instance which I use for other things).
First make sure your main account(s) are fully protected. For example:
chmod 700 /home/yourmainaccount
Use vipw to create three new accounts I used UIDs 30000, 30001,
and 30002 and called them dfw1, dfw2, and dfw3. Set password to '*'
(no password allowed). /home/dfw1, /home/dfw2, /home/dfw3.
For each one of dfw1, dfw2, and dfw3 (using dfw1 as an example), set
it up so you can ssh into it from your main account.
cp ~yourmainaccount/.ssh/id_rsa.pub /home/dfw1/.ssh/authorized_keys
chown -R dfw1 /home/dfw1
Then from your main account, do a 'ssh dfw1 at localhost -n ls -la' to test
that you've set it up and it works. I'm assuming you are also running
sshd on your system, and I am also assuming that you've set up the
ssh-agent for your main account / X session so you don't need to enter
your local ssh key unlocking password every time you use ssh.
Now you can create scripts that run firefox and/or chrome in these
accounts, separate from your main account. This is what a typical
script would look like:
# script for ~/bin/firefox (assumes ~/bin is in your path)
scp ~/.Xauthority dfw1 at localhost:
ssh dfw1 at localhost -n "setenv DISPLAY :0.0; firefox"
You can then tie these scripts into your GUI as buttons or whatever.
This part is left up to you. You can have a script for each
compartment. I have a script for 'Sfirefox' (my 'secure' firefox),
'Ufirefox', and 'chrome'.
The idea is to start these insecure GUI programs from the side-account
and not from your main account. When started from the side-account,
the instances will not have access to general files in your main account.
* This isn't a perfect solution because, of course, we are giving the
side-account full access to the X session, but it is a lot more secure
than just running firefox in the main account.
* Also note that these applications will be able to use X shared memory
and thus run fairly optimally (they are NOT using an ssh tunnel nor do
we want them to as that would be ridiculously slow). Programs run in
this way will not have direct access to the GPU so 3D might not be
so hot. But for general browsing I haven't had any trouble, and even
with 4K video appears to work about the same as it did before.
* You can set up the GID and group permissions to e.g. access files
and directories in the dummy accounts from your main account without
giving the dummy accounts access to your main account. e.g. for
things like the Downloads directory and so on.
* When you do this separation, the browsers will be in separate
instances. Be sure to setup your browser preferences in each instance.
* I don't recommend copying your old browser config directory from your
main account to these dummy accounts as this will also copy existing
cookies and passwords that you might not want the dummy account to have
access to. Or at least be very careful in this regard.
You can cut and pastes individual bookmarks between firefox's with
a simple drag and drop, and you can cut and paste bookmark folders
by right-click-cut and right-click-paste. You can use this to
redistribute your bookmarks to the new browser instances.
Ultimately we will have better security compartmentalization that will
not require separating applications into dummy accounts, but for now this
is not a bad solution. I feel a lot better now that I've moved my
browser execution off my main account.
I strongly recommend this. The last hack was really the last straw for
me, I will never run a browser from my main user id again :-).
If you are worried about your ssh keys being compromised I also recommend
going through the hassle of changing your ssh keys out and killing the
<dillon at backplane.com>
More information about the Users