You should not use the -Y option to ssh. It gives your 'firefox' session access to your main X session through the ssh X tunnel (and the DISPLAY environment variable).
See http://gouloum.fr/doc/desktop_sec.html for a similar approach (using sudo instead of ssh to switch users).

On Dec 2, 2012 5:55 AM, "Robert Connolly" <rob...@secondfloor.ca> wrote:
> Hello.
>
> In an effort to isolate Firefox (or any graphical browser) from my user
> account, I have added a 'firefox' user and group, added 'firefox' user to
> sshd_config to allow x11 forwarding, and ran the following commands:
> $ Xephyr :1
> $ ssh -Yf firefox@localhost firefox --display :1
>
> This can be made nicer with a window manager, but I don't think that is
> important here.
>
> From what I understand, this will prevent Firefox from having access to my
> display, such as keystrokes and mouse movement. It will also prevent
> Firefox from having access to my go-rwx files, and modification permissions
> to my files. This sounds like all of the isolation I want from Firefox,
> while still being able to use it.
>
> I would like to know if I am missing or forgetting anything. I don't think
> a chroot for Firefox will gain me much. Other options include using pf and
> systrace, but again I don't think this would gain me much.
>
> Thanks