On 11/16/2014 11:08 AM, Jonathan Thornburg wrote: > (e) maybe have firefox go through an ssh tunnel to localhost > (f) run firefox as an unpriviliged user _firefox, group _firefox, and > use Unix file permissions to deny that user access to $HOME/
I think these two in conjunction would be sufficient to block a large majority of the possible attacks. (f) is going to require some segregated file structure as a substitute for user's home, for cache, downloads, etc. probably that structure needs to be owned by user with a group_firefox. I've often worried about browsers, even the open source ones. -- Those who do not understand Unix are condemned to reinvent it, poorly.