I hadn't seen sandfox before actually - thanks for the tip. This solves part of the problem (restricting filesystem access) and targets Linux - at the moment our project is mostly focused on Windows, as that's where the majority of Firefox users are.
Can you elaborate more on how dbus is used for config?

As far as Linux goes though, there's a lot of work happening with B2G to enable process-per-app and restricting what these app/content processes can do via seccomp.

https://bugzilla.mozilla.org/show_bug.cgi?id=746280 "Tracking: Run content processes with lowered rights" is a good bug to follow if you're interested in that. I'm hopeful that this work will make it back into Linux desktop Firefox in some form.

thanks!
ian

----- Original Message -----
From: "Kevin Chadwick" <[email protected]>
To: [email protected]
Sent: Thursday, July 26, 2012 2:44:24 AM
Subject: Re: a sandboxed Firefox

> Do you know how other people have solved this with Firefox?

I presume you have looked at sandfox. I stripped that down a bit and made it work on a more secure system setup for my purposes. Firefox dbus reliance for the simple task of config is a little annoying here.

--
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
