On Saturday 4 February 2017 11:00:12 PM IST Leonid Isaev wrote:
> > Exactly. If I am running chromium with firejail, which whitelists what
> > chromium can do to the file system (even better with --private); the
> > browser cannot tamper with .profile/.bash_profile or .ssh.
> 
> See, this is the problem: Why would a browser need these files? File access
> should only be possible with user interaction (via a file-open dialog).

Ideally, it doesn't. But programs have bugs and it's nice to restrict them if
those happen.

Chromium is just an example. Here is something firejail (again, an example
sandbox) would prevent.

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

-- 
Regards
 Shridhar
