View Single Post
  #1   (View Single Post)  
Old 6th November 2010
guitarscn guitarscn is offline
Package Pilot
 
Join Date: Oct 2008
Posts: 166
Default How useful/practical is this for Firefox?

Quote:
firefox for paranoid people.

If firefox has a separate useraccount you can still browse the
internet but if firefox gets hacked it won't affect the contents
of your homedir, or rather the safety of your data.

So how do you set that up:

1) Make a useraccount for firefox:

$ sudo groupadd browser
$ sudo useradd -m -s /usr/local/bin/firefox-rc -g browser firefox


2) Add a line like this line with visudo:

han ALL=(ALL) NOPASSWD: /usr/bin/su - firefox


3) Copy your ~/.mozilla, your ~/.gtk* and ~/.font* ~/.Xdefaults to ~firefox

$ sudo cp -R ~/.mozilla ~/.gtk* ~/.font* ~/.Xdefaults ~firefox


4) Create a tmpdir for firefox

$ sudo install -d -m 700 ~firefox/.tmp


5) Set the right ownership for the firefox homedirectory.

$ sudo chown -R firefox:browser ~firefox


6) Save this script as /usr/local/bin/firefox-wrapper

#!/bin/sh
PATH=$PATH:/usr/X11R6/bin
FOXBIN=/usr/local/bin/firefox

if ! pgrep -x $FOXBIN; then
xhost +si:localuser:firefox
sudo /usr/bin/su - $FOXBIN &
fi


7) Save this script as /usr/local/bin/firefox-rc

#!/bin/sh
export DISPLAY=:0.0 LC_ALL=en_GB TMP=~/.tmp TMPDIR=~/.tmp
xrdb -load ~/.Xdefaults
/usr/local/bin/firefox


8) Give the scripts the right permissions.

$ sudo chmod 755 /usr/local/bin/firefox-rc
$ sudo chmod 755 /usr/local/bin/firefox-wrapper


9) Run the script. If things go wrong run it from an xterm to see
what happens.

$ firefox-wrapper
I think the instructions might differ a little for OpenBSD, but in general is this method something that's worth it?
Reply With Quote