1

Question: I would like to know if it is good protection to browse the net using a non-sudo, basic user account on my Linux distro against webpage exploits such as scripts and other cross-platform threats based on HTML, Java, JavaScript, PDF, Perl, Ruby, PHP or even SWF (Adobe Flash), for example?

I'm asking you and myself the same question in regards to a sudo user that would have to enter a password each time he uses sudo.

Thanks for your help!

MFJC
  • 123
  • 5

2 Answers

1

Security is a question of layers.

The non-su user with the least elevated privileges is one layer to reduce attacks.

A continuously patched browser which makes every effort to minimize system risk through sandboxing and other techniques is the next layer.

A hardened OS that encapsulates the browser and prevents stack/heap/privilege based attacks is the next layer.

A content filtering system (either in the browser, on the machine, or at the gateway level) is the next layer.

A breakdown at the browser or OS level would circumvent everything you have tried to achieve by reducing privilege level for the user.

  • Thanks for your input! Regarding sandboxing, would Chromium qualify as that browser that makes every effort to minimise system risk? How can I encapsulate the browser? By content filtering system do you mean a firewall? – MFJC May 04 '17 at 20:26
  • Chrome yes, also because it works to continuously update. I understand the appeal of Chromium and the desire to leave out the tight google integration but you lose the automated updating. For encapsulating I would suggest something like AppArmor. – Jean-Michel Florent May 04 '17 at 21:33
  • Thanks, I'll investigate all this! What did you mean by content filtering, a firewall? – MFJC May 04 '17 at 21:42
  • What about SELinux, is it also a good option or overkill? Can it run side-by-side with AppArmor? – MFJC May 04 '17 at 22:04
  • Basically the computer would have an ARM processor, and would only be dedicated to browsing the net, in a "human"-shield kind of way. The problem is that if I want to use AppArmor or SELinux I have to cross-compile the kernel to add stuff they need in there and it's a bit out of my league at the moment. My main concern is that the device gets a malware that could then spread to other devices on the network, but it's an ARM proc and the others are x86, so **I assume it would be pretty hard to find a malware that can transition from one architecture to the other, correct?** – MFJC May 05 '17 at 12:20
0

Yes, it's a good idea, but:

  • Privilege separation just provides containment of the malware, so if you are hit by a drive-by when visiting dogywarez.org then that malware may exploit a subsequent interaction with yourbank.com or other services you access using the account. You might consider using multiple accounts for different activities.

  • While Linux distributions mostly limit the changes to the underlying system, both Firefox and Chrome/Chromium are designed to allow the user to make a lot of changes to the behaviour, which are stored within the user's home dir.

  • In theory, running an X window client with a reduced-privilege user offers some access for this client to other clients running in the same X window display, even if they are running as different users. However, it is somewhat difficult to exploit this in practice, and it certainly provides a lot more isolation than running as the same user.

I'm a bit confused by what you mean by a "sudo user": do you mean a user who can invoke sudo to run tasks with a different privilege, or an account which is accessed using sudo? If you mean the latter, and running the browser / any other clients with that privilege, then the password is somewhat redundant: you are using sudo to control the sandbox, and there's nothing in the sandbox that needs to get out.

symcbean
  • 18,418
  • 40
  • 74
  • Regarding your 2nd point, how can I make sure that Chromium doesn't modify anything important? I didn't understand your X Window point however :/. To reply to your question, when I said "sudo user" I meant a user that has sudo privileges. What do you mean "there is nothing in the sandbox that needs to get out"? – MFJC May 04 '17 at 20:23
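Both answers converge on the same practical setup: a dedicated browsing account that is not in any admin group (the least-privilege layer from the first answer, and the "separate account per activity" advice from the second), with the browser started under that account while the X display access is granted only to that local user rather than to everyone. The script below is an added example written for this page, not code from either answerer. It assumes an account named `browse`, a browser binary named `chromium`, and an X11 session where `xhost` is available; the group names it treats as administrative are a conservative choice, not something the thread prescribes.

```shell
#!/bin/sh
# Added example (not from the original thread): start the browser as a separate,
# non-sudo account and first verify that the account really has no admin groups.
# Assumptions: account "browse", browser "chromium", an X11 session with xhost.
set -eu

# Groups that would let an account become root one way or another. sudo/wheel/admin
# are the usual sudoers groups; docker and disk also give effective root access.
ADMIN_GROUPS="sudo wheel admin docker disk"

# admin_groups_of USER [GROUPFILE]
# Prints the admin groups USER is a member of according to GROUPFILE
# (default /etc/group). Prints nothing when the account is clean.
admin_groups_of() {
    user=$1
    groupfile=${2:-/etc/group}
    # /etc/group lines look like:  name:x:gid:member1,member2
    awk -F: -v user="$user" -v admin="$ADMIN_GROUPS" '
        BEGIN { n = split(admin, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++) if (members[i] == user) print $1
        }' "$groupfile"
}

# is_unprivileged USER [GROUPFILE]
# Exit status 0 when USER is in none of ADMIN_GROUPS, 1 otherwise.
is_unprivileged() {
    [ -z "$(admin_groups_of "$@")" ]
}

# run_browser_as USER BROWSER [ARGS...]
# Grants only the local account USER access to the current X display (not the
# "xhost +" free-for-all) and starts BROWSER under that account with its own HOME,
# so the browser profile and any changes it makes land in USER's home directory.
# The caller needs sudo rights; the browsing account itself does not.
run_browser_as() {
    user=$1; shift
    if ! is_unprivileged "$user"; then
        echo "refusing: $user is in admin group(s): $(admin_groups_of "$user" | tr '\n' ' ')" >&2
        return 1
    fi
    xhost +SI:localuser:"$user" >/dev/null
    sudo -u "$user" -H env DISPLAY="${DISPLAY:?no X display}" "$@"
}

# Invoked as "sh browse.sh run" to actually launch; without the argument the file
# only defines the functions above (so it can be sourced or tested).
if [ "${1:-}" = "run" ]; then
    run_browser_as browse chromium
fi
```

Running `is_unprivileged browse` before every launch is the check that matters: the whole point of the separate account is lost the moment someone adds it to `sudo` or `docker` for convenience. The `xhost +SI:localuser:` form keeps the X server restriction to one local user, which is the narrowest grant that still lets the second answer's reduced-privilege client draw on the display.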