Quote:
firefox for paranoid people.
If firefox has a separate useraccount you can still browse the
internet but if firefox gets hacked it won't affect the contents
of your homedir, or rather the safety of your data.
So how do you set that up:
1) Make a useraccount for firefox:
$ sudo groupadd browser
$ sudo useradd -m -s /usr/local/bin/firefox-rc -g browser firefox
2) Add a line like this line with visudo:
han ALL=(ALL) NOPASSWD: /usr/bin/su - firefox
3) Copy your ~/.mozilla, your ~/.gtk* and ~/.font* ~/.Xdefaults to ~firefox
$ sudo cp -R ~/.mozilla ~/.gtk* ~/.font* ~/.Xdefaults ~firefox
4) Create a tmpdir for firefox
$ sudo install -d -m 700 ~firefox/.tmp
5) Set the right ownership for the firefox homedirectory.
$ sudo chown -R firefox:browser ~firefox
6) Save this script as /usr/local/bin/firefox-wrapper
#!/bin/sh
PATH=$PATH:/usr/X11R6/bin
FOXBIN=/usr/local/bin/firefox
if ! pgrep -x $FOXBIN; then
xhost +si:localuser:firefox
sudo /usr/bin/su - $FOXBIN &
fi
7) Save this script as /usr/local/bin/firefox-rc
#!/bin/sh
export DISPLAY=:0.0 LC_ALL=en_GB TMP=~/.tmp TMPDIR=~/.tmp
xrdb -load ~/.Xdefaults
/usr/local/bin/firefox
8) Give the scripts the right permissions.
$ sudo chmod 755 /usr/local/bin/firefox-rc
$ sudo chmod 755 /usr/local/bin/firefox-wrapper
9) Run the script. If things go wrong run it from an xterm to see
what happens.
$ firefox-wrapper
|
I think the instructions might differ a little for OpenBSD, but in general is this method something that's worth it?