On Wed, 4 Mar 2020 at 01:06, <whistlez...@riseup.net> wrote:
>
> Hi,
> in the following message:
> https://marc.info/?l=openbsd-misc&m=158110613210895&w=2
> Theo discourages using unveil instead of chroot.
> I asked if he suggests the same for the browser but he asked that chroot
> is only for *root*.
> Then what should I do to harden the most exposed piece of code that
> we use every day?
> Now I'm using unveil+chrome...
> Thank you.

Probably not what you were looking for but, back in the days when I was ultra paranoid about my web browsing, I used to use stripped-down live USB installations of Linux distros (DSL was one of them that I remember). I don't know if OpenBSD comes with such a solution out of the box, but I'm sure it wouldn't be difficult to make your own read-only install. Then, you could either reboot from it or run it through an emulator.

--
Ottavio Caruso