[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tunnel iceweasel?



On Wednesday 26 March 2008, Rich Healey wrote:
> Joost Witteveen wrote:
> > On 24/03/2008, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
> >> On Mon, Mar 24, 2008 at 11:46:56AM +0100, Joost Witteveen wrote:
> >>  > On 23/03/2008, Rich Healey <healey.rich@gmail.com> wrote:
> >>>>
> >>>>         I'm trying to tunnel an iceweasel instance via ssh from one
> >>>>
> >>  > >         of my boxes at my house to remember the name of an add-on i
> >>  > >         installed.
> >>  > >
> >>  > >         The problem is that i create a ssh session (ssh -XC
> >>  > >         ssh.psychotik.info), login and run iceweasel at the bash
> >>  > >         prompt, which takes forever, but then finally *opens a
> >>  > > local iceweasel!!!*
> >>  >
> >>  > I suppose that iceweasel -P uniqueprofilename would do what you want?
> >>  >
> >>  > Also, it's *much* faster use vnc (tunnel through ssh): on the remote
> >>  > host, start: vnc4server on your localhost, start (and login to) ssh
> >>  > -L 5900:server:5901 server
> >>  >
> >>  > and then on the localhost (different window) vncviewer localhost:5900
> >>  >
> >>  > The 5901 portnumer is assuming the vncserver opens a X11 screen on
> >>  > :1. When I start epiphany diretly over X11, it takes about 30 min to
> >>  > show a page; when I do it using VNC as above, it takes seconds.
> >>
> >> I run iceweasel over ssh all the time, however, I don't have it
> >>  installed locally so there's no local version to run.  It may take a
> >> few seconds to give the initial window, but then it displays as fast as
> >> the box can swap.  The network is 100 MB/s ethernet, the box I'm sitting
> >> at is a P-II with 64 MB ram, the box I'm sshing into to run iceweasel is
> >> an AMD Athlon64 with 1 GB ram.  It doesn't even take 30 minutes to show
> >> a page when I ssh from my 486 with 32 MB ram so something is wrong
> >> there.
> >>
> >>  Why would VNC be faster if both are encrypted?
> >
> > No, over a 100Mb/s ethernet, running iceweasel over VNC probably
> > wouldn't be much faster than directly over ssh (and running over an
> > ssh-tunneled VNC connection would of course be slower than straigt
> > VNC).
> >
> > But the OP complained iceweasel was very slow. So I suppose he didn't
> > run it over a direct 100Mb/s connection, but over something slower,
> > probably with larger ping times, ping times of 10-30 ms are enough to
> > make it slow, and with slow, I mean that it can take over 20 min for
> > iceweasel to even start showing the home page.
> > I notice that when that happens, starting iceweasel on the remote site
> > on a VNC X server an watching the output via a VNC viewer is a lot
> > faster. And a lot here means just a couple of seconds to show the home
> > page, instead of 20 min.
> > As the OP reported using ssh, I assumed he didn't want to connect
> > unencrypted (somethign VNC as far as I know does), so I suggested
> > using an ssh tunnel.
>
> Hi, the issue here isn't the speed, and besides, i prefer to have it
> directly connected to my Xserver, rather than runnign in VNC.
>
> The point here isn't eh startup time though, it's that it starts a local
> iceweasel!
>
> In trying to build FF from source on my new 64 bit machine i
> accidentally wound up with a ff3 beta, but running that now also opens
> iceweasel.
>
> Somehow the binary has managed to associate EVERYTHING with itself.
>
> The real thing that does my head in is when i launch FF on another box..
> it still creates a local iceweasel? this should happen AFAIK.. my
> starting a command on that box via should not be able to cause commands
> to be run on my local?
>
> Does this constitute a security issue? i'll see if i can get a PoC
> during the week, even if one couldn't get arbitrary code, one could
> still point the new iceweasel on the host machine to a site witha FF
> exploit.
>
> Now that i think of it.. it would be simple enough to create a free
> shellserver with busybox aliased to a malicious FireFox call in the
> system bashrc.. that'd probably do it.
>
> I'll look into it.

I noticed the same slowness, tunneling via ssh via very fast connections.  
However, if you use the 

	iceweasel -no-remote

it seems to really help.

John


Reply to: