Re: sudo and firefox (was: Off-topic: Gmail Grrrr.)
Hi.
On Wed, 25 Dec 2013 07:33:53 +0100
Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
> On Wed, 2013-12-25 at 10:15 +0400, Reco wrote:
> > b) That sneaky sandbox user can override firefox with something
> > like /home/user9-boxed/bin/firefox, which is bad.
>
> Here we are again ;).
>
> Using a profile, supported by firefox, is the easiest and securest way.
An ability to read and write an arbitrary file in user's $HOME cannot be
called 'secure'.
And even if I'd trust browser (firefox is a free software, after all),
there is a matter of plugins.
>
> I only use another user, instead of a profile, if I need a password,
> e.g. to make a history including adult content unavailable for kids.
And that assumes you're keeping browsing history. Why people are doin'
this is something that I can never understand.
Still, even if we disregard this 'browsing history' topic, there is a
matter of online advertisement, which is known to show banners based on
a user habits. And IMO not all children should see all these
banners.
>
> If you care for security, this is one reason to prefer profiles.
If I'd care for security that much, I'd use LXC for running a browser.
Since I'm lazy, I just use a couple of accounts.
>
> Btw. somebody on this list once called it a sledgehammer and I agree,
> but if I don't use a profile, but another user then I don't care:
>
> xhost +
> gksudo -u chuser "$*"
> xhost -
> exit
>
> I still don't understand what's bad with using profiles. A profile
> doesn't have any drawback.
See above.
Reco
Reply to: