Hi Martin,

Martin Jambor writes:

> Hello,
>
> On Wed, Jul 06 2022, Dan Čermák wrote:
>> Stefan Seyfried writes:
>>> On 06.07.22 12:11, Dan Čermák wrote:
>>>> You don't, but from a security standpoint, you really do want to run your browser as isolated from the rest of your system as possible.
>>> I did not yet look into that crazy new stuff, but is this flatpak thing also doing it like android with an own userid for every program? I'd like to see something like that (with the browser unable to steal my gpg key).
>> That is the idea, if the flatpak has no permissions to read & write your home directory and has no access to the GNUPG sockets, then it cannot interact with GPG at all.
>
> How difficult is it to enable that when it is desirable (and have it survive updates)?
>
> Specifically, in order to integrate the pass password manager[1] to Firefox, I use a browser plug-in[2] and a "host" script[3] which invokes pass to get the passwords, which internally runs GPG which needs to use the normal gpg-agent which needs access to my (password protected) keys.
>
> I've been thinking of putting FF into some firejail or something before, but was always afraid that the above scheme just would not work. And while isolating the browser is a good idea security-wise, passing each and every password through the clipboard every single time it is used - which is the only alternative I can think of - looks less so.

I personally am using flatseal[1] to give or take permission to or from
flatpaks. As long as your plugin only needs access to files or sockets,
you should be fine by simply allowlisting these sockets or files via
flatseal (you can achieve this via config files as well, I just find the
GUI much simpler here). You can of course also allow the flatpak access
to everything and then no issues should appear, but that would kinda
defeat the purpose of the sandbox.
Hope this helps,
Dan
Footnotes:
[1] https://github.com/tchx84/flatseal
--
Dan Čermák
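As an added example that is not from this thread: a small Python check over a Flatpak override file (the same `[Context]` file flatseal edits, stored under ~/.local/share/flatpak/overrides/<app-id> for per-user overrides) that flags filesystem grants wide enough to expose the GPG keys themselves, as opposed to the gpg-agent socket directory the plugin's host script needs. The sample overrides are constructed; the `home`/`host` tokens and `xdg-run/gnupg` are Flatpak's own filesystem names.

```python
"""Audit a Flatpak override file (the file flatseal edits) for filesystem
grants that let a sandboxed browser read GPG secret material instead of
only the gpg-agent socket.  Added example; the sample files are constructed."""
import configparser

# Tokens that hand the app the whole host or home directory: the sandbox is
# effectively gone, the "allow everything" case from the thread.
BROAD_TOKENS = {"host", "host-os", "host-etc", "home"}
# gpg >= 2.1 keeps the secret keys under ~/.gnupg/private-keys-v1.d, so
# sharing ~/.gnupg is exactly "the browser can steal my gpg key".
SECRET_DIRS = ("~/.gnupg",)
# The narrow grant: the runtime directory holding only the agent sockets.
AGENT_SOCKET_DIR = "xdg-run/gnupg"

def parse_filesystems(override_text):
    """Return the entries of the filesystems= key in the [Context] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(override_text)
    raw = cp.get("Context", "filesystems", fallback="")
    return [entry for entry in raw.split(";") if entry]

def audit(override_text):
    """Return (entry, reason) pairs for grants that are wider than needed."""
    findings = []
    for entry in parse_filesystems(override_text):
        path = entry.partition(":")[0]   # drop the :ro / :rw / :create suffix
        if path.startswith("!"):         # "!path" revokes access, never grants
            continue
        if path in BROAD_TOKENS:
            findings.append((entry, "broad"))
        elif any(path == d or path.startswith(d + "/") for d in SECRET_DIRS):
            findings.append((entry, "secrets"))
    return findings

def grants_agent_socket(override_text):
    """True if the override shares the gpg-agent socket directory."""
    return any(e.partition(":")[0] == AGENT_SOCKET_DIR
               for e in parse_filesystems(override_text))

# Constructed overrides: the first shares home and ~/.gnupg (keys exposed),
# the second shares only the agent sockets and the pass store read-only.
SAMPLE_WIDE = "[Context]\nfilesystems=home;~/.gnupg:ro;xdg-run/gnupg;\n"
SAMPLE_NARROW = "[Context]\nfilesystems=xdg-run/gnupg;~/.password-store:ro;!~/.gnupg;\n"

if __name__ == "__main__":
    for name, text in (("wide", SAMPLE_WIDE), ("narrow", SAMPLE_NARROW)):
        print(name, audit(text), "agent socket:", grants_agent_socket(text))
```

Sharing only the socket directory keeps the key files out of the browser's reach; whether the host script can then still reach gpg and pass from inside the sandbox is a separate question that this check does not answer.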