Browse as user "Spot"

ggg

#76 Post by ggg »

Hello,

If Firefox [root or spot] is configured to request the download location, can anything be downloaded [malicious or clean - possibly except cookies] secretly [i.e. without user knowledge] whether running as root or running as spot?

If a download [perhaps an iso, an sfs, a pet, etc.] is executed from within spot, how does that provide more security than if spot had not been used?

Tor does not appear to be included in the mozilla definition for use with spot?

Cheers

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#77 Post by rcrsn51 »

ggg wrote: If a download [perhaps an iso, an sfs, a pet, etc.] is executed from within spot, how does that provide more security than if spot had not been used?
You couldn't install a PET while you are running your browser as spot. Spot does not have permission to write files to folders like /usr/bin. To install the PET, you would terminate the browser session and go back to being root.

Spot couldn't mount an ISO or SFS because it doesn't have rights to /mnt. And you wouldn't be doing that from within a browser session anyway.

So from a security standpoint, you gain nothing by downloading these files as spot.

The real problem with downloading these large files is finding a place to save them. You need a folder with enough free space where spot has write permission.
ggg wrote: If Firefox [root or spot] is configured to request the download location, can anything be downloaded [malicious or clean - possibly except cookies] secretly [i.e. without user knowledge] whether running as root or running as spot?
That's why you have to keep your version of Firefox updated.

The theoretical danger from running your browser as root comes from malicious scripts buried on a web page. If one of these attempted to modify your system, the damage would be limited to the files inside /root/spot. (Unless the script was able to elevate its privilege.)
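
Added example, not part of the original posts: a shell check of the file-permission boundary described above, reporting whether the spot account could write to the paths named in the thread. The function names `can_write` and `audit` are made up for this example, and the answer is based on mode bits only.

```shell
#!/bin/sh
# Added example. Estimates from owner/group/other mode bits whether an account
# could create or modify PATH. Assumes a stat that supports -c (GNU coreutils
# or BusyBox); ignores ACLs, capabilities, read-only mounts and parent dirs.

# can_write UID "GID1 GID2 ..." PATH -> 0 writable, 1 not writable, 2 cannot stat
can_write() {
    cw_uid=$1; cw_gids=$2; cw_path=$3
    cw_stat=$(stat -c '%u %g %a' "$cw_path" 2>/dev/null) || return 2
    [ "$cw_uid" -eq 0 ] && return 0      # root is not limited by mode bits
    set -- $cw_stat                      # $1 owner uid, $2 group gid, $3 octal mode
    cw_mode=$((0$3))                     # leading 0: read 755 or 1777 as octal
    if [ "$cw_uid" -eq "$1" ]; then
        cw_bits=$(( (cw_mode >> 6) & 7 ))            # owner class
    else
        cw_bits=$(( cw_mode & 7 ))                   # other class by default
        for cw_g in $cw_gids; do
            [ "$cw_g" -eq "$2" ] && cw_bits=$(( (cw_mode >> 3) & 7 ))  # group class
        done
    fi
    if [ -d "$cw_path" ]; then
        [ $(( cw_bits & 3 )) -eq 3 ]     # a directory needs write and search
    else
        [ $(( cw_bits & 2 )) -eq 2 ]     # a file needs write
    fi
}

# audit USER PATH... -> one line per path for an existing local account
audit() {
    au_user=$1; shift
    au_uid=$(id -u "$au_user") || return 2
    au_gids=$(id -G "$au_user")
    for au_p in "$@"; do
        if can_write "$au_uid" "$au_gids" "$au_p"; then
            echo "WRITABLE      $au_p"
        else
            echo "not writable  $au_p"
        fi
    done
}

# The account and paths named in the thread; skipped where no spot account exists.
if id spot >/dev/null 2>&1; then
    audit spot /usr/bin /mnt /root/spot
fi
```

Run it as root so that stat can reach /root/spot; a path that cannot be inspected is reported as not writable.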

ggg

#78 Post by ggg »

Hello rcrsn51,

Thank you for your explanations, though with my second question about executing from within spot we may be at cross purposes [because I did not stress that Firefox had been closed before execution]. Then as I can, as root, install/execute a pet [or whatever] that is located within my spot folder; am I right to think that executing from inside spot provides no extra security?

However, it does seem to be safer to use browser spot mode so that secret and malicious downloads, if any, could only be to the spot folder and, I assume, would remain safe there, in a "vault", even after the browser closed so long as there was no deliberate execution.

If you have the time, would you please expound a little further if my interpretation of your explanation is imperfect.

Thank you

rcrsn51

#79 Post by rcrsn51 »

ggg wrote: Then as I can, as root, install/execute a pet [or whatever] that is located within my spot folder; am I right to think that executing from inside spot provides no extra security?
Correct.
ggg wrote: However, it does seem to be safer to use browser spot mode so that secret and malicious downloads, if any, could only be to the spot folder and, I assume, would remain safe there, in a "vault", even after the browser closed so long as there was no deliberate execution.
Correct. But consider this. The vast majority of Linux users run non-privileged. Yet Firefox is constantly releasing security patches to protect people from the latest exploit. Does that mean that running as non-root does not really offer protection? What do these upgrades protect you from?

ggg

#80 Post by ggg »

Hello rcrsn51,

Thank you very much for your clarification. Having thought hard about your two questions in your final paragraph, I can only suggest that apart from any speed or non-security improvement(s) then possibly Firefox upgrades may sometimes stop some exploitation instead of users having to rely upon "spot-type" isolation? Also, Firefox upgrades for Linux and Windows seem to happen almost concurrently [with seemingly identical version numbering] so on some occasions might the upgrades be aimed at the protection of Windows users rather than Linux users?

Cheers
