On 03-05 04:18, Tomasz Rola wrote: > On Wed, Mar 04, 2020 at 02:06:40AM +0100, [email protected] wrote: > > Hi, > > in the following message: > > https://marc.info/?l=openbsd-misc&m=158110613210895&w=2 > > Theo discourages to use unveil instead of chroot. > > I asked if he suggests the same for the browser but he asked that chroot > > is onlye for *root*. > > Then what should I do to hardening the most exposed piece of code that > > we use everyday ? > > Now I'm using unveil+chrome... > > Thank you. > [....] > As of me, I use the trick with multiple users for different roles > (similar to other person who posted in this thread). I also employ > noscript in some of the roles.
I just leave javascript off for usual browsing, with a tab sitting open in chromium or iridium to turn it on for the occasional temporary need, or added to the browser's exception list to allow permanently for certain sites. This partly because it seems easy, and partly since I probably won't know if a browser extension is sold to a malicious entity, or otherwise compromised (so, seems a smaller attack surface, but still usually convenient.) > Actually my browsing routine now employs more primitive browsers. Yes, sometimes, if practical. -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
