On Fri, 27 Jul 2012 09:26:45 -0700 (PDT) Ian Melven wrote:

> Can you elaborate more on how dbus is used for config?

When running a sandfox type chroot, all kernel backed grsecurity chroot escape prevention features can be enabled without any workaround or errors except for

http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Deny_access_to_abstract_AF_UNIX_sockets_out_of_chroot

which is a stronger grsec/pax enforcement that even root can't override without a kernel exploit.

I haven't looked into the reasoning in the firefox source code but read on forums, and it seems firefox demands dbus for modifying its configuration files and writing upon exit and also connecting to X11. I was probably a bit strong, but it seems odd firefox demanding to use dbus for reading, storing and writing files and, if unable, exiting. Sandfox sets up the dbus and then attempts to close it afterwards; it's commented, I believe.

There are various ways of handling the X11 from user mode servers inside the chroot, even to KMS mode as a normal user that doesn't require RAW I/O, but the dangerous privileged I/O I guess?? will be needed for graphics drivers like nvidia, which you probably can't lock out for your desktop users with gl enabled anyway, unfortunately.

I didn't do any testing with Chrome because you are not supposed to put an suid executable inside a chroot, which chrome uses for its own pid and syscall sandboxing. I used a different single pid for firefox via a sudo rule on startup.

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
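
An added example, not part of the original message and not Sandfox code: a Python check that reports which D-Bus and X11 endpoints are abstract AF_UNIX sockets, the kind the grsecurity option linked above denies to processes inside a chroot. The bus address and the `/proc/net/unix` text are constructed samples, and all function names are hypothetical.

```python
from urllib.parse import unquote

# Constructed sample: a session bus address using an abstract socket.
SAMPLE_ADDRESS = "unix:abstract=/tmp/dbus-Xk3pQ9,guid=0123456789abcdef0123456789abcdef"

# Constructed sample of /proc/net/unix; abstract names are shown with a leading '@'.
SAMPLE_PROC = """Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 11001 @/tmp/dbus-Xk3pQ9
0000000000000000: 00000002 00000000 00010000 0001 01 11002 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 11003 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 11004
"""

def parse_dbus_address(address):
    """Split a D-Bus address list into (transport, params) tuples."""
    entries = []
    for item in filter(None, address.split(";")):
        transport, _, rest = item.partition(":")
        params = {}
        for pair in filter(None, rest.split(",")):
            key, _, value = pair.partition("=")
            params[key] = unquote(value)  # values are percent-escaped
        entries.append((transport, params))
    return entries

def abstract_endpoints(address):
    """Abstract socket names a client would connect to for this address."""
    return [p["abstract"] for t, p in parse_dbus_address(address)
            if t == "unix" and "abstract" in p]

def abstract_sockets_from_proc(text):
    """Abstract socket names found in /proc/net/unix-style text."""
    names = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 7)
        if len(fields) == 8 and fields[7].startswith("@"):
            names.append(fields[7][1:])
    return names

def denied_from_chroot(address, proc_text):
    """Bus endpoints that exist only as abstract sockets bound on the host."""
    bound = set(abstract_sockets_from_proc(proc_text))
    return [name for name in abstract_endpoints(address) if name in bound]

if __name__ == "__main__":
    print("abstract sockets on host:", abstract_sockets_from_proc(SAMPLE_PROC))
    print("bus endpoints denied in chroot:", denied_from_chroot(SAMPLE_ADDRESS, SAMPLE_PROC))
```

A bus address of the form `unix:path=...` yields an empty result, since a filesystem socket can be reached through a bind mount into the chroot rather than through the abstract namespace.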
