On 08/17/2011 01:28 PM, Christian Boltz wrote:
Hello,
<< snip >>
The best example is downloading files - if you want to make Firefox really secure, you can limit write access (which includes downloads) to /home/*/downloads/**. However I'm quite sure that you'll then get lots of complaints because of "I can't download files to ~/coolstuff/" ;-)
The alternative that will avoid these complaints is basically this rule: /** rw,
but this isn't really more secure than not having a profile at all. (In fact, someone already posted a modified firefox profile with such a rule in bugzilla - but I'm quite sure this will be rejected upstream.)
Instead of /**, you could of course use /home/**, /tmp/**, /var/tmp/** as possible download locations - but that's already what the filesystem permissions make from the /** rule, so it isn't more secure. (A normal user doesn't have write permissions at other places, and if someone runs Firefox as root, well - I don't even want to think about that...)
owner @{HOME}/** rw,
would be even better
Yes, of course - but in practice it doesn't change too much. A normal user (hopefully) doesn't have write permissions in another user's home. And if you don't include /tmp/**, people will probably complain that they can't download a file to /tmp (which might be a valid location for "download, unpack and delete the zip/tarball" downloads).
I know about owner restrictions etc. - but my point is that a firefox profile that makes everybody happy (by allowing storing downloads anywhere) does not really help security-wise. And a "secure" firefox profile (restricted to ~/downloads) will cause lots of complaints ;-)
Yep, I have to agree. Currently firefox and desktop apps in general are really limited to users who have admin rights and like tinkering, or at least don't mind having some restrictions. Currently it's the services underneath the desktop that should be targeted.

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org
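The three rule variants discussed in the thread, written out as an AppArmor profile fragment. This is an added example, not a profile posted by anyone in the thread or shipped by openSUSE; the executable path, the include lines and the .mozilla rule are assumptions, only the three download rules come from the discussion.

```apparmor
# Added example (not from the thread): how the download question from the
# discussion looks inside a Firefox profile. The executable path and the
# include lines are assumptions.
#include <tunables/global>

/usr/lib/firefox/firefox {
  #include <abstractions/base>

  # Variant 1 (the "makes everybody happy" rule from the thread): Firefox may
  # write wherever DAC already allows. The profile adds nothing for the
  # user's own files, so a compromised browser can still overwrite ~/.bashrc.
  # /** rw,

  # Variant 2: writes limited to files owned by the invoking user in $HOME,
  # plus the temp directories people expect to download into. Still lets a
  # compromised browser touch every file the user owns.
  # owner @{HOME}/** rw,
  # owner /tmp/** rw,
  # owner /var/tmp/** rw,

  # Variant 3 (the "really secure" option): downloads only into a dedicated
  # directory; the rest of $HOME is readable but not writable.
  owner @{HOME}/downloads/** rw,
  owner @{HOME}/** r,

  # Caveat not spelled out in the thread: Firefox keeps its own state
  # (profiles, cache, lock files) under ~/.mozilla, so even the strict
  # variant needs write and lock access there or the browser will not start.
  owner @{HOME}/.mozilla/** rwk,
}
```

Only one variant should be uncommented at a time; with variant 3 active, a download to ~/coolstuff/ is denied and logged as an AppArmor DENIED audit event with the requested path, which is exactly the complaint the thread predicts, and also the audit trail a defender would want.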