Re: most secure graphical browser
On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote: > Most of the replies are missing the point. You do not only want to > protect the rest of your system from your browser. You also want > to avoid your browser doing anything an attacker wants when he > finds an exploit in it. > > If you try to solve the problem with virtualization, different > users or another solution like that, you would have to run > multiple browsers for different sites to avoid browser exploits > causing trouble. Of course, it is always better to run network > applications as a different user than yourself, but browser > exploits are somewhat hard to contain that way since the things > attackers want may be in the browser itself (cookies or, hopefully > not, saved passwords). > > I have to restate what I wrote in another thread: looking at the > security record of the popular browsers it is scary we use them > for online banking and other security-critical functions so > carelessly in our everyday life. This is why I use Firefox for general web browsing (although I too use a separate "safe" browser profile for financial stuff). The NoScript and Cookie Monster extensions make it relatively easy to manage site whitelists for scripting and cookie permissions in Firefox, respectively, and NoScript also lets you selectively allow Flash and other plugins, which can help ease concerns about Flash cookies and other potential privacy issues. And if you must allow Google to keep session cookies on your browser, the Customize Google extension can randomize your UID after each query in order to prevent Google from building a comprehensive record of your Web searches. So Firefox might not be the very best browser with respect to buffer overflows and other local application security issues, but if you stick it in a chroot jail and install a few of its better extensions, you'll have one of most "secure" browsing experiences available, taking into account both remote code execution and generic web privacy / XSS / XSRF threats. (Just make sure to set `network.cookie.cookieBehavior=1` and especially `network.prefetch-next=false` in `about:config` before you go anywhere... come on, Mozilla, what the heck happened to sensible defaults? Take a cue from the OpenBSD team ;) ) -- Mark Shroyer http://markshroyer.com/contact/
Re: most secure graphical browser
On Fri, 18 Jan 2008 15:14:05 + (UTC) Alexey Vatchenko <[EMAIL PROTECTED]> wrote: > On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote: > > Alexey Vatchenko wrote: > >> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > >> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > >> >> If you want security, get rid of X. > >> >> > >> > Even if it's OpenBSD's X? The one that you need should you need to > >> > build any ports (including if you follow current and need > >> security fixes > >> > to any ports)? > >> > >> http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > > > Making X and no-X versions of everything has gotta be a pain. > > The security problem with X is that the (blobby?) video > > card has got better access to memory than the OS. > > The problem is not in blobbyness (all drivers that come with OpenBSD are open > sourced), the problem is that the userland program (X server) has access to > the > things that must be allowed only to kernel. > > -- > Alexey Vatchenko > http://www.bsdua.org > > I assume that anything I run X on is "insecure". In fact, I don't believe you can keep anything meaningful secret. Just the same, I use OpenBSD because it offers a more stable platform, not because I've got dirty underwear to hide. Dhu
Re: most secure graphical browser
Well short of building yourself into a faraday cage there is not much you can do to avoid van Eck sniffing. Also while LCD's are immune, I hear that a similar technique can be applied to LCD's. I am guessing sniffing LCD's is probably an order of magnatude more difficult than CRT tho. On 21/01/2008, Joachim Schipper <[EMAIL PROTECTED]> wrote: > > On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote: > > Most secure goes a long way. I run firefox on a sepperate user > > account. I doubt it's the most secure solution but it sure is > > quite a bit more secure, and I'm quite sure you really don't want > > to the most secure solution. :-) > > > > http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people > > That still leaves open a lot of possibilities for mischief [1]. Don't > run trusted and untrusted programs on the same X server! > > Joachim > > [1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes, > taking 'screenshots', and the like. Not things that are acceptable for a > 'secure' desktop. > -- > TFMotD: flex (1) - fast lexical analyzer generator
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote: > Most secure goes a long way. I run firefox on a sepperate user > account. I doubt it's the most secure solution but it sure is > quite a bit more secure, and I'm quite sure you really don't want > to the most secure solution. :-) > > http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people That still leaves open a lot of possibilities for mischief [1]. Don't run trusted and untrusted programs on the same X server! Joachim [1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes, taking 'screenshots', and the like. Not things that are acceptable for a 'secure' desktop. -- TFMotD: flex (1) - fast lexical analyzer generator
Re: most secure graphical browser
On Sat, Jan 19, 2008 at 08:24:27AM +0100, ropers wrote: > On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > may just be very insecure. Which is it? You can't tell without looking > at the details, or asking somebody who has done so. Your specific > questions to this list about Dillo et al. are quite valid in that > regard, but your generalised question "Is a browser with a long > history of few security bugs more or less secure than a browser with a > long history of many security bugs?" really can't be answered. It > depends. I agree ropers. It seems that nobody has "looked at the details" and nobody who has done so has said so in this thread.I may as well go with Konqueror (for the feel I like) and Firefox (for sites that don't work with Konq) and be done with it. Thanks all. Doug.
Re: most secure graphical browser
On Sat, 19 Jan 2008, Jona Joachim wrote: > On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote: > > Talking about brainfucked bank sites... > My bank checks for the browser's user-agent: Firefox on win32 an Linux > passes, Firefox on *BSD is denied access, unless you change the > user-agent string... > I sent them a mail explaining them why this utter nonsense and I just > got a standard reply. > > Jona > Just change the user agent string, .. UserPrefs is great for that. There's absolutly no way you could get through to anyone that gives a damn anyway, so don't wast your time > -- > "I am chaos. I am the substance from which your artists and scientists > build rhythms. I am the spirit with which your children and clowns > laugh in happy anarchy. I am chaos. I am alive, and tell you that you > are free." Eris, Goddess Of Chaos, Discord & Confusion" > > Leland V. Lammert[EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
Re: most secure graphical browser
On Friday 18 January 2008, Joel Wiramu Pauling wrote: > > in the end a scrubbing proxy would be a good idea if your uber > > paranoid. > > > > does your bank not use SSL? or do you have some scrubbing proxy > > that you trust enough to MITM connections to your bank? > > No but having a scrubbing proxy reduces the chances of the browser > picking up anything nasty on the stream of consciousness browsing > sessions that are sure to ensue. You could of course also have the > proxy restrict access to anything but your banking sites, but then > again there are simpler ways to do this. All in scrubbing proxies, > for ad's malware, and just for ACL controls are good ideas. Of course > when combined with sane firewall policies etc as well. Stuart, Whether or not your bank uses SSL is (unfortunately) irrelevant. Banks do get hacked and banks do distribute malware to their customers. This exact thing happened to the Bank of India last year. http://www.malwarehelp.org/news/View.php?ArticleID=6199 You don't need to be uber-paranoid to use a scrubbing proxy, yet as you mentioned, it is a MITM, and should be vetted before use. kind regards, jcr
Re: most secure graphical browser
On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > As for the security record of popular browsers, this is the question. > Is a browser with a long history of few security bugs more or less > secure than a browser with a long history of many security bugs? > Someone suggested that Dillo, with a long history of few bugs, with a > simple design, may be more secure. > > Also note that I'm specficially looking at graphical browsers here and > "banking" may not be the best exemplar since hopefully the OBSD base > Lynx will work for that. You obviously can't generalise. Simply counting the number of disclosed(!) vulnerabilities, and maybe the time till they're fixed, can give you some indications, but even though it's frequently done, and even though these numbers are frequently bandied about **cough** Secunia **cough**, seriously or exclusively relying on them is amazingly bad science. You already observed that a larger number of disclosed bugs may be indicative of more active and responsive development for a more popular product (sometimes more popular for a reason), or the software may just be very insecure. Which is it? You can't tell without looking at the details, or asking somebody who has done so. Your specific questions to this list about Dillo et al. are quite valid in that regard, but your generalised question "Is a browser with a long history of few security bugs more or less secure than a browser with a long history of many security bugs?" really can't be answered. It depends. Thanks and regards, --ropers
Re: most secure graphical browser
Dude, you want a proxy with different user ACLs. This is not a browser thing at all. 2 firefox profiles will do the same thing, each having a different proxy user set. Hell have 2 user accounts on your entertainment box, and ssh -X [EMAIL PROTECTED] when you want to bring up your secure account. Keep the browser off the server box, instead put a filtering proxy of it. But hey its your life, do what you want.
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote: > Most of the replies are missing the point. You do not only want to > protect the rest of your system from your browser. You also want to > avoid your browser doing anything an attacker wants when he finds an > exploit in it. > > If you try to solve the problem with virtualization, different users or > another solution like that, you would have to run multiple browsers for > different sites to avoid browser exploits causing trouble. Of course, it > is always better to run network applications as a different user than > yourself, but browser exploits are somewhat hard to contain that way > since the things attackers want may be in the browser itself (cookies > or, hopefully not, saved passwords). > > I have to restate what I wrote in another thread: looking at the > security record of the popular browsers it is scary we use them for > online banking and other security-critical functions so carelessly in > our everyday life. > Right, and I'm only using banking as an example. I'm going to separate totally normal everyday browsing to an "entertainment" box that contains no private data but that also is monitored by the "secure" box for file alterations. As for having an attacker get my browser to do anyting he wants, this is a risk shared by everyone who uses a browser for anything at all. Net browsing on the secure box will be limited to security concious sites, such as internet banking where I wouldn't want anything I do on the site to be monitored by a browser that I had ever visited a more generic site, just to avoid cross-site issues. We can save which box, "entertainment" or "secure", to use for eBay transactions (as opposed to just eBay browsing), for another thread. As for the security record of popular browsers, this is the question. Is a browser with a long history of few security bugs more or less secure than a browser with a long history of many security bugs? Someone suggested that Dillo, with a long history of few bugs, with a simple design, may be more secure. Also note that I'm specficially looking at graphical browsers here and "banking" may not be the best exemplar since hopefully the OBSD base Lynx will work for that. Thanks, Doug.
Re: most secure graphical browser
On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote: > One other note, if your planning on doing any internet banking, your pretty > much stuck with Firefox or Opera (using binary emulation). Haven't tried ie > under wine on openbsd, it may work also. > > Why? Because a lot of the internet banking sites are useless and while > things like konqueror load them, badly hacked together js, and other bits > fail a lot, things you won't notice until you go to do something like a > funds transfer etc. You might be lucky and your banks website isn't ass. But > I would be checking it thoroughly before making a browser decision. Talking about brainfucked bank sites... My bank checks for the browser's user-agent: Firefox on win32 an Linux passes, Firefox on *BSD is denied access, unless you change the user-agent string... I sent them a mail explaining them why this utter nonsense and I just got a standard reply. Jona -- "I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and tell you that you are free." Eris, Goddess Of Chaos, Discord & Confusion"
Re: most secure graphical browser
On Sat, 19 Jan 2008 08:41:18 +1300 "Joel Wiramu Pauling" <[EMAIL PROTECTED]> wrote: > but to me sounds like your making a non-issue into a mole hill. Even > the most limited of hardware can run decent browsers. Why you are > insisting on using your access box, when you have another machine is > beyond me. Ideally just run a browser on your shit hardware, it's not > that big of a deal really, yes mike take ages to load, but meh > who cares. Right on the point!
Re: most secure graphical browser
On 19/01/2008, Stuart Henderson <[EMAIL PROTECTED]> wrote: > > On 2008/01/19 08:47, Joel Wiramu Pauling wrote: > > One other note, if your planning on doing any internet banking, your > pretty > > much stuck with Firefox or Opera (using binary emulation). > > lynx works fine for me. with some of the things that are being > suggested, isn't it easier to just change bank? Sure that would be great. But then again, I might be more inclined to go with who has the best rates. > in the end a scrubbing proxy would be a good idea if your uber paranoid. > > does your bank not use SSL? or do you have some scrubbing proxy > that you trust enough to MITM connections to your bank? No but having a scrubbing proxy reduces the chances of the browser picking up anything nasty on the stream of consciousness browsing sessions that are sure to ensue. You could of course also have the proxy restrict access to anything but your banking sites, but then again there are simpler ways to do this. All in scrubbing proxies, for ad's malware, and just for ACL controls are good ideas. Of course when combined with sane firewall policies etc as well.
Re: most secure graphical browser
On 2008/01/19 08:47, Joel Wiramu Pauling wrote: > One other note, if your planning on doing any internet banking, your pretty > much stuck with Firefox or Opera (using binary emulation). lynx works fine for me. with some of the things that are being suggested, isn't it easier to just change bank? > in the end a scrubbing proxy would be a good idea if your uber paranoid. does your bank not use SSL? or do you have some scrubbing proxy that you trust enough to MITM connections to your bank?
Re: most secure graphical browser
On 1/18/08, Alexey Vatchenko <[EMAIL PROTECTED]> wrote: > The problem is not in blobbyness (all drivers that come with OpenBSD are open > sourced), the problem is that the userland program (X server) has access to > the > things that must be allowed only to kernel. and if you don't run X, it doesn't need any access at all.
Re: most secure graphical browser
One other note, if your planning on doing any internet banking, your pretty much stuck with Firefox or Opera (using binary emulation). Haven't tried ie under wine on openbsd, it may work also. Why? Because a lot of the internet banking sites are useless and while things like konqueror load them, badly hacked together js, and other bits fail a lot, things you won't notice until you go to do something like a funds transfer etc. You might be lucky and your banks website isn't ass. But I would be checking it thoroughly before making a browser decision. As for security, browser settings in such a way as to flush cookies at the end of sessions, clear cache etc and not store passwords is not a difficult thing, but in the end a scrubbing proxy would be a good idea if your uber paranoid.
Re: most secure graphical browser
dude, from what your saying, then run a browser, in chroot via ssh. To your remote X server. You may also want to rub a scrubbing proxy in that environ, (i.e dans guardian or somesuch). While a chroot is not ideal, it is a step up from running just plain ol unprivileged. And it's not like chroots are difficult or anything. As for browser choice. In the end I would just choose one with the least amount of lib deps to keep your chroot clean. While chroots are not ideal, they do two things which are going to increase your security, 1) they keep the underlying file system out of the way of your real filesystem, so things that might lead to filesystem exploits can't do shit, and 2) keep standard system crap hidden away and minimise the chances of someone on being able to do anything should they be able to exploit a vulnerability in the browser. but to me sounds like your making a non-issue into a mole hill. Even the most limited of hardware can run decent browsers. Why you are insisting on using your access box, when you have another machine is beyond me. Ideally just run a browser on your shit hardware, it's not that big of a deal really, yes mike take ages to load, but meh who cares.
Re: most secure graphical browser
Most of the replies are missing the point. You do not only want to protect the rest of your system from your browser. You also want to avoid your browser doing anything an attacker wants when he finds an exploit in it. If you try to solve the problem with virtualization, different users or another solution like that, you would have to run multiple browsers for different sites to avoid browser exploits causing trouble. Of course, it is always better to run network applications as a different user than yourself, but browser exploits are somewhat hard to contain that way since the things attackers want may be in the browser itself (cookies or, hopefully not, saved passwords). I have to restate what I wrote in another thread: looking at the security record of the popular browsers it is scary we use them for online banking and other security-critical functions so carelessly in our everyday life. -- Jussi Peltola
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 05:10:58PM +0200, Dusty wrote: > There are no insecure browsers, just insecure sites. OK, but how do you tell a secure site from an insecure site? If a site turns out to be insecure, if the browser isn't vulnerable to the attacks that the insecure site can exploit, then the browser is "secure" for that insecure site. Assuming that, except for the short time between a security bug's discovery and its fix, all browsers are secure for known exploits, which browser is most likely to have the fewest unknown security bugs? Isn't that the same thing as asking which is the most secure browser? Other than reading local documentation, the "secure" browser would be used for visiting websites that I don't want to visit with a browser or from a box who's browser may have been compromised (unknowningly) from an insecure site. The example on a previous thread was doing internet banking. Is it wise to do one's banking from the same browser as one does general web surfing? Doug.
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 03:14:05PM +, Alexey Vatchenko wrote: > On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote: > > Alexey Vatchenko wrote: > >> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > >> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > >> >> If you want security, get rid of X. > >> >> > >> > Even if it's OpenBSD's X? The one that you need should you need to > >> > build any ports (including if you follow current and need > >> security fixes > >> > to any ports)? > >> > >> http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > > > Making X and no-X versions of everything has gotta be a pain. > > The security problem with X is that the (blobby?) video > > card has got better access to memory than the OS. > > The problem is not in blobbyness (all drivers that come with OpenBSD are open > sourced), the problem is that the userland program (X server) has access to > the > things that must be allowed only to kernel. To build ports, you need to have X installed. But there's no need to run it. -Otto
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 06:25:41PM +1300, Joel Wiramu Pauling wrote: > chroot ;-). > See the previous threads on this list about the false sense of security with virtualization and chroots in this context. Also see the previous thread for how I'm separating things between "secure", "entertainment" and the access boxes and terminals. Doug. > It is a pity that the is nothing like linux vservers for openbsd as yet ;-) > > On 18/01/2008, Joachim Schipper <[EMAIL PROTECTED]> wrote: > > > > On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote: > > > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > > > I have a box that I want to keep as secure as I can but I also need > > to > > > > > be able to use a graphical browser from it (I know that this is a > > > > > trade-off). > > > > > > > > > > There is no graphical browser in base. I don't need or want this > > > > > browser to do javascript or flash (I have a different box for > > > > > entertainment). Of the browsers in packages, which browser would > > people > > > > > think is likely the most secure? > > > > [snip] > > > > > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > > > > > Because this box will also be my main server. For details, see a > > > previous thread (I forget the title) where I'm splitting things between > > > a "secure" box where anything confidential will be kept, and an > > > "entertainment" box for regular browsing with javascript and, where > > > required, flash. Also for watching DVDs and listening to music. > > > > Have you considered that > > a) you need to be very careful to properly separate these environments? > > (No SSH, no shared passwords, no direct access to 'confidential' data, > > etc.) > > b) the barrier between different users is pretty strong? Outside of some > > annoying symlink race conditions, there is very little mischief one > > account can do to another account that does not require gaining root in > > the first place. And most insecure software, at least on OpenBSD, will > > allow you to crack an account but not root > > c) graphical environments don't really belong on servers? > > > > Anyway, good luck. I can't think of any good suggestion except > > re-iterating what was said above, and noting that w3m can display > > graphics in an xterm. > > > > Joachim > > > > -- > > PotD: x11/gnome/audio - audio files for Gnome
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 08:39:57AM -0600, Tony Abernethy wrote: > Alexey Vatchenko wrote: > > On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > > >> If you want security, get rid of X. > > >> > > > Even if it's OpenBSD's X? The one that you need should you need to > > > build any ports (including if you follow current and need > > security fixes > > > to any ports)? > > > > http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > > > -- > > Alexey Vatchenko > > http://www.bsdua.org > > > Flames invited if I've got this wrong. > Include the X tarballs. > Answer NO to Do you intend to run X? > > Making X and no-X versions of everything has gotta be a pain. > The security problem with X is that the (blobby?) video > card has got better access to memory than the OS. > I said nothing about running an x server on the box, just having a graphical browser installed. It will be run via ssh from a trusted access box (not the "entertainment" box). My little access box doesn't have much memory so can't run anything more than e.g. dillo. This isn't an issue unless the concensus here is that a large browser (e.g. Konqueror or Seamonkey) is the most secure. I'm only focusing on the choice of browser for the secure section of the setup. Browsing is the only thing where there is a choice of app which will affect the performance of my boxes. Everything else I do I can do just fine on my 486. Doug.
Re: most secure graphical browser
On Thu, Jan 17, 2008 at 10:11:47PM -0500, Steve Shockley wrote: > Douglas A. Tutty wrote: > >I have a box that I want to keep as secure as I can but I also need to > >be able to use a graphical browser from it (I know that this is a > >trade-off). > > Assuming you've already decided to run X, then why not just run the > browser on your other machine and set the display to your server? Or > use rdesktop to connect to a Windows machine or vnc client or whatever. > That way any attacks would be an order of magnitude more difficult, an > attacker would have to exploit a bug both in the browser and a bug in X. > > See the previous thread "adivce requested on security issue" where someone wanted to keep normal browsing separate from on-line banking browsing. Doug.
Re: most secure graphical browser
On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote: > Alexey Vatchenko wrote: >> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: >> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: >> >> If you want security, get rid of X. >> >> >> > Even if it's OpenBSD's X? The one that you need should you need to >> > build any ports (including if you follow current and need >> security fixes >> > to any ports)? >> >> http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > Making X and no-X versions of everything has gotta be a pain. > The security problem with X is that the (blobby?) video > card has got better access to memory than the OS. The problem is not in blobbyness (all drivers that come with OpenBSD are open sourced), the problem is that the userland program (X server) has access to the things that must be allowed only to kernel. -- Alexey Vatchenko http://www.bsdua.org
Re: most secure graphical browser
Lynx is secure ;) There are no insecure browsers, just insecure sites. On Jan 18, 2008 4:39 PM, Tony Abernethy <[EMAIL PROTECTED]> wrote: > > Alexey Vatchenko wrote: > > On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > > >> If you want security, get rid of X. > > >> > > > Even if it's OpenBSD's X? The one that you need should you need to > > > build any ports (including if you follow current and need > > security fixes > > > to any ports)? > > > > http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > > > -- > > Alexey Vatchenko > > http://www.bsdua.org > > > Flames invited if I've got this wrong. > Include the X tarballs. > Answer NO to Do you intend to run X? > > Making X and no-X versions of everything has gotta be a pain. > The security problem with X is that the (blobby?) video > card has got better access to memory than the OS.
Re: most secure graphical browser
Alexey Vatchenko wrote: > On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > >> If you want security, get rid of X. > >> > > Even if it's OpenBSD's X? The one that you need should you need to > > build any ports (including if you follow current and need > security fixes > > to any ports)? > > http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 > > -- > Alexey Vatchenko > http://www.bsdua.org > Flames invited if I've got this wrong. Include the X tarballs. Answer NO to Do you intend to run X? Making X and no-X versions of everything has gotta be a pain. The security problem with X is that the (blobby?) video card has got better access to memory than the OS.
Re: most secure graphical browser
On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: >> If you want security, get rid of X. >> > Even if it's OpenBSD's X? The one that you need should you need to > build any ports (including if you follow current and need security fixes > to any ports)? http://marc.info/?l=openbsd-misc&m=114738577123893&w=2 -- Alexey Vatchenko http://www.bsdua.org
Re: : most secure graphical browser
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote: > Most secure goes a long way. I run firefox on a sepperate user > account. I doubt it's the most secure solution but it sure is > quite a bit more secure, and I'm quite sure you really don't want > to the most secure solution. :-) > > http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people > That was a nice solution. Gives firefox a sandbox to play in. Perhaps the user 'firefox' can have an own disk partition for its home directory too. > > # Han -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: most secure graphical browser
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote: > No kidding. Having X installed on a main server is a bad idea. What does > this main server do? If you need a GUI on your server you should > probably use Linux or Windows. > > If you just need a browser to view documentation on the Internet use > lynx; it's in the base. > > If you want security, get rid of X. > Even if it's OpenBSD's X? The one that you need should you need to build any ports (including if you follow current and need security fixes to any ports)? Doug.
Re: most secure graphical browser
Most secure goes a long way. I run firefox on a sepperate user account. I doubt it's the most secure solution but it sure is quite a bit more secure, and I'm quite sure you really don't want to the most secure solution. :-) http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people # Han
Re: most secure graphical browser
chroot ;-). It is a pity that the is nothing like linux vservers for openbsd as yet ;-) On 18/01/2008, Joachim Schipper <[EMAIL PROTECTED]> wrote: > > On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote: > > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > > I have a box that I want to keep as secure as I can but I also need > to > > > > be able to use a graphical browser from it (I know that this is a > > > > trade-off). > > > > > > > > There is no graphical browser in base. I don't need or want this > > > > browser to do javascript or flash (I have a different box for > > > > entertainment). Of the browsers in packages, which browser would > people > > > > think is likely the most secure? > > > [snip] > > > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > > > Because this box will also be my main server. For details, see a > > previous thread (I forget the title) where I'm splitting things between > > a "secure" box where anything confidential will be kept, and an > > "entertainment" box for regular browsing with javascript and, where > > required, flash. Also for watching DVDs and listening to music. > > Have you considered that > a) you need to be very careful to properly separate these environments? > (No SSH, no shared passwords, no direct access to 'confidential' data, > etc.) > b) the barrier between different users is pretty strong? Outside of some > annoying symlink race conditions, there is very little mischief one > account can do to another account that does not require gaining root in > the first place. And most insecure software, at least on OpenBSD, will > allow you to crack an account but not root > c) graphical environments don't really belong on servers? > > Anyway, good luck. I can't think of any good suggestion except > re-iterating what was said above, and noting that w3m can display > graphics in an xterm. > > Joachim > > -- > PotD: x11/gnome/audio - audio files for Gnome
Re: most secure graphical browser
On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote: > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > I have a box that I want to keep as secure as I can but I also need to > > > be able to use a graphical browser from it (I know that this is a > > > trade-off). > > > > > > There is no graphical browser in base. I don't need or want this > > > browser to do javascript or flash (I have a different box for > > > entertainment). Of the browsers in packages, which browser would people > > > think is likely the most secure? > > [snip] > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > Because this box will also be my main server. For details, see a > previous thread (I forget the title) where I'm splitting things between > a "secure" box where anything confidential will be kept, and an > "entertainment" box for regular browsing with javascript and, where > required, flash. Also for watching DVDs and listening to music. Have you considered that a) you need to be very careful to properly separate these environments? (No SSH, no shared passwords, no direct access to 'confidential' data, etc.) b) the barrier between different users is pretty strong? Outside of some annoying symlink race conditions, there is very little mischief one account can do to another account that does not require gaining root in the first place. And most insecure software, at least on OpenBSD, will allow you to crack an account but not root c) graphical environments don't really belong on servers? Anyway, good luck. I can't think of any good suggestion except re-iterating what was said above, and noting that w3m can display graphics in an xterm. Joachim -- PotD: x11/gnome/audio - audio files for Gnome
Re: most secure graphical browser
Douglas A. Tutty wrote: I have a box that I want to keep as secure as I can but I also need to be able to use a graphical browser from it (I know that this is a trade-off). Assuming you've already decided to run X, then why not just run the browser on your other machine and set the display to your server? Or use rdesktop to connect to a Windows machine or vnc client or whatever. That way any attacks would be an order of magnitude more difficult, an attacker would have to exploit a bug both in the browser and a bug in X.
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 01:03:07AM +0100, Rico Secada wrote: > On Thu, 17 Jan 2008 18:17:54 -0500 > "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote: > > > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > > I have a box that I want to keep as secure as I can but I also > > > > need to be able to use a graphical browser from it (I know that > > > > this is a trade-off). > > > > > > > > There is no graphical browser in base. I don't need or want this > > > > browser to do javascript or flash (I have a different box for > > > > entertainment). Of the browsers in packages, which browser would > > > > people think is likely the most secure? > > > [snip] > > > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > > > Because this box will also be my main server. For details, see a > > previous thread (I forget the title) where I'm splitting things > > between a "secure" box where anything confidential will be kept, and > > an "entertainment" box for regular browsing with javascript and, where > > required, flash. Also for watching DVDs and listening to music. > > A main server where you need a graphical browser? I am sorry, but why > don't you just use your entertainment box rather than browsing graphics > from your server? Because the entertainment box is downstairs whereas my other box (a P-II right now) is accessible from upstairs. If the results of this thread are that a big browser e.g. Konqueror is most likely to be the most secure, then that doesn't run directly on my P-II (not enough memory). I could have it installed on the server and run it via ssh from my P-II access box. Also, I would want to do any online banking with a secure browser from a secure box (see previous threads related to this). Doug.
Re: most secure graphical browser
On Jan 17, 2008, at 5:02 PM, ropers wrote: It can be useful for (esp. junior) sysadmins who've hooked up a monitor and keyboard to a server and are sitting in front of it to administer it, and who may not be confident enough of their choices without googling and reading through a number of pages on the web (and this list of course -- brownie points please ;). Due to bad web design decisions by others, googling for answers can be more comfortable from a graphical browser than from plain vanilla lynx(1). Funny, I usually have them bring a laptop with them. Y'know, wireless, or even a port on the switch, is not entirely out of the question here. Of course a point could be made that there is an inverse relationship between the "graphical sophistication" of a website (=lynx-incompatible bad design) and the quality of the site's content. However, sometimes even horribly designed sites host quality content, and being able to read that content can be useful. I still don't want a browser, let alone X11, on most of my servers. I tolerate Lynx on OpenBSD, but I'd rather not have it there at all.
Re: most secure graphical browser
On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote: > Douglas A. Tutty wrote: > >I have a box that I want to keep as secure as I can but I also need to > >be able to use a graphical browser from it (I know that this is a > >trade-off). > Have you considered running the browser in a virtual environment? Sure, but there have been many threads on here about how there is no virtualization system that adds security on i386/amd64 (as opposed to hardware with virtualizatio built-in). Doug.
Re: most secure graphical browser
Rico Secada wrote: On Thu, 17 Jan 2008 18:17:54 -0500 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote: On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: I have a box that I want to keep as secure as I can but I also need to be able to use a graphical browser from it (I know that this is a trade-off). There is no graphical browser in base. I don't need or want this browser to do javascript or flash (I have a different box for entertainment). Of the browsers in packages, which browser would people think is likely the most secure? [snip] Why not create an OpenBSD live CD with the stuff you want on it? Because this box will also be my main server. For details, see a previous thread (I forget the title) where I'm splitting things between a "secure" box where anything confidential will be kept, and an "entertainment" box for regular browsing with javascript and, where required, flash. Also for watching DVDs and listening to music. A main server where you need a graphical browser? I am sorry, but why don't you just use your entertainment box rather than browsing graphics from your server? No kidding. Having X installed on a main server is a bad idea. What does this main server do? If you need a GUI on your server you should probably use Linux or Windows. If you just need a browser to view documentation on the Internet use lynx; it's in the base. If you want security, get rid of X.
Re: most secure graphical browser
> On Thu, 17 Jan 2008 18:17:54 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote: > > A main server where you need a graphical browser? It can be useful for (esp. junior) sysadmins who've hooked up a monitor and keyboard to a server and are sitting in front of it to administer it, and who may not be confident enough of their choices without googling and reading through a number of pages on the web (and this list of course -- brownie points please ;). Due to bad web design decisions by others, googling for answers can be more comfortable from a graphical browser than from plain vanilla lynx(1). Of course a point could be made that there is an inverse relationship between the "graphical sophistication" of a website (=lynx-incompatible bad design) and the quality of the site's content. However, sometimes even horribly designed sites host quality content, and being able to read that content can be useful. --ropers
Re: most secure graphical browser
On Thu, 17 Jan 2008 18:17:54 -0500 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote: > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > I have a box that I want to keep as secure as I can but I also > > > need to be able to use a graphical browser from it (I know that > > > this is a trade-off). > > > > > > There is no graphical browser in base. I don't need or want this > > > browser to do javascript or flash (I have a different box for > > > entertainment). Of the browsers in packages, which browser would > > > people think is likely the most secure? > > [snip] > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > Because this box will also be my main server. For details, see a > previous thread (I forget the title) where I'm splitting things > between a "secure" box where anything confidential will be kept, and > an "entertainment" box for regular browsing with javascript and, where > required, flash. Also for watching DVDs and listening to music. A main server where you need a graphical browser? I am sorry, but why don't you just use your entertainment box rather than browsing graphics from your server? > Doug.
Re: most secure graphical browser
On Jan 17, 2008, at 3:36 PM, Frank Bax wrote: Have you considered running the browser in a virtual environment? Outside of virtualization providing snapshots, it doesn't do anything to truly improve security.
Re: most secure graphical browser
On Jan 17, 2008 8:42 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > I have a box that I want to keep as secure as I can but I also need to > be able to use a graphical browser from it (I know that this is a > trade-off). > > There is no graphical browser in base. I don't need or want this > browser to do javascript or flash (I have a different box for > entertainment). Of the browsers in packages, which browser would people > think is likely the most secure? links -g ? -- Best Regards Edd http://students.dec.bournemouth.ac.uk/ebarrett
Re: most secure graphical browser
what are you referring to? are we restarting the VM are more secure flame fest? On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote: > Douglas A. Tutty wrote: >> I have a box that I want to keep as secure as I can but I also need to >> be able to use a graphical browser from it (I know that this is a >> trade-off). >> There is no graphical browser in base. I don't need or want this >> browser to do javascript or flash (I have a different box for >> entertainment). Of the browsers in packages, which browser would people >> think is likely the most secure? > > > Have you considered running the browser in a virtual environment?
Re: most secure graphical browser
Douglas A. Tutty wrote: I have a box that I want to keep as secure as I can but I also need to be able to use a graphical browser from it (I know that this is a trade-off). There is no graphical browser in base. I don't need or want this browser to do javascript or flash (I have a different box for entertainment). Of the browsers in packages, which browser would people think is likely the most secure? Have you considered running the browser in a virtual environment?
Re: most secure graphical browser
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > I have a box that I want to keep as secure as I can but I also need to > > be able to use a graphical browser from it (I know that this is a > > trade-off). > > > > There is no graphical browser in base. I don't need or want this > > browser to do javascript or flash (I have a different box for > > entertainment). Of the browsers in packages, which browser would people > > think is likely the most secure? > [snip] > > Why not create an OpenBSD live CD with the stuff you want on it? Because this box will also be my main server. For details, see a previous thread (I forget the title) where I'm splitting things between a "secure" box where anything confidential will be kept, and an "entertainment" box for regular browsing with javascript and, where required, flash. Also for watching DVDs and listening to music. Doug.
Re: most secure graphical browser
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > I have a box that I want to keep as secure as I can but I also need to > be able to use a graphical browser from it (I know that this is a > trade-off). > > There is no graphical browser in base. I don't need or want this > browser to do javascript or flash (I have a different box for > entertainment). Of the browsers in packages, which browser would people > think is likely the most secure? [snip] Why not create an OpenBSD live CD with the stuff you want on it? --STeve Andre'
Re: most secure graphical browser
On Thu, 17 Jan 2008 15:42:38 -0500 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote: > I have a box that I want to keep as secure as I can but I also need to > be able to use a graphical browser from it (I know that this is a > trade-off). > > There is no graphical browser in base. I don't need or want this > browser to do javascript or flash (I have a different box for > entertainment). Of the browsers in packages, which browser would > people think is likely the most secure? > > Here are my assumptions on the issue: > > Firefox development is focused on new features to keep up with the > latest web sites and technology. I don't know if they have time for > super security in the midst of that. > > Konqueror seems to have fewer security updates but still seems to > handle any sites I need (from my other box). I don't know if the > fewer number of security updates is because it is better written or > it doesn't get looked at as much. This is my normal browser, except > for one site that doesn't work (due to invalid html on the site). > > elinks or links are lightweight and work fine (no tabs though). Get > few updates. Don't know the security quality. > > dillo. Also works fine, but I haven't seen an update in quite a > while. Don't know if it continues to get security audits up-stream. > > Any suggestions? > > Doug. For your information dillo2 is in development-phase. As far as I know there isn't any open security problems with dillo and that mostly comes from simplicity. If there is security holes dillo's development sure will patch all of those right away. They are pretty active nowadays. Dillo-project has been mentioned ( as in adverticed ) as fast and secure www-browser. I'm using it daily i.e. in my email-client. I'll bet dillo is a very good choise for you. -- Henri Salo +358407705733 GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: most secure graphical browser
Douglas A. Tutty wrote: I have a box that I want to keep as secure as I can but I also need to be able to use a graphical browser from it (I know that this is a trade-off). There is no graphical browser in base. I don't need or want this browser to do javascript or flash (I have a different box for entertainment). Of the browsers in packages, which browser would people think is likely the most secure? I use Seamonkey. You can turn off Javascript. Java and Flash won't run if they are not configured. Seamonkey has been very solid for me for many years. I usually have it open and running for 2-4 weeks at a time and I have only experienced about 2 crashes in over 5 years. BTW, Seamonkey is derived from the the old Mozilla code base. It hasn't changed much over the years as far as features go. It does get security updates regularly though. Check out the fixes: http://www.mozilla.org/projects/security/known-vulnerabilities.html#SeaMonkey One drawback is that the version of Seamonkey in the OpenBSD packages is usually a minor version or two behind the latest Seamonkey. I have never let this bother me and it has never been a problem. -pachl
most secure graphical browser
I have a box that I want to keep as secure as I can but I also need to be able to use a graphical browser from it (I know that this is a trade-off). There is no graphical browser in base. I don't need or want this browser to do javascript or flash (I have a different box for entertainment). Of the browsers in packages, which browser would people think is likely the most secure? Here are my assumptions on the issue: Firefox development is focused on new features to keep up with the latest web sites and technology. I don't know if they have time for super security in the midst of that. Konqueror seems to have fewer security updates but still seems to handle any sites I need (from my other box). I don't know if the fewer number of security updates is because it is better written or it doesn't get looked at as much. This is my normal browser, except for one site that doesn't work (due to invalid html on the site). elinks or links are lightweight and work fine (no tabs though). Get few updates. Don't know the security quality. dillo. Also works fine, but I haven't seen an update in quite a while. Don't know if it continues to get security audits up-stream. Any suggestions? Doug.