Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Firefox Sandbox implications of User Namespaces being disabled

  • 1 trả lời
  • 0 gặp vấn đề này
  • Trả lời mới nhất được viết bởi Paul

ixian
ixian
more options

One of the typical configuration in linux is to turn off the user namespaces and/or network namespaces. This is because most of the exploits in linux have been related to namespaces vulnerabilities.

If there is a Firefox ver 127.0.2, running on Linux in which the user namespace is turned off then the following is observed in the Troubleshooting information, i.e. about:support Seccomp-BPF (System Call Filtering) true Seccomp Thread Synchronisation true User Namespaces for privileged processes true User Namespaces false Content Process Sandboxing true Media Plugin Sandboxing true

So how come with the username turned off, the content process and media plugin is still sandboxed? Also is having user namespace turned off, as given above, a security risk?

However if the network namespace is turned off, i.e. max_net_namespaces is set to zero, then it renders the browser unusable. Nothing works. Why is that?

Is there some documentation somewhere where these namespaces and their impact is explained in detail?

One of the typical configuration in linux is to turn off the user namespaces and/or network namespaces. This is because most of the exploits in linux have been related to namespaces vulnerabilities. If there is a Firefox ver 127.0.2, running on Linux in which the user namespace is turned off then the following is observed in the Troubleshooting information, i.e. about:support Seccomp-BPF (System Call Filtering) true Seccomp Thread Synchronisation true User Namespaces for privileged processes true User Namespaces false Content Process Sandboxing true Media Plugin Sandboxing true So how come with the username turned off, the content process and media plugin is still sandboxed? Also is having user namespace turned off, as given above, a security risk? However if the network namespace is turned off, i.e. max_net_namespaces is set to zero, then it renders the browser unusable. Nothing works. Why is that? Is there some documentation somewhere where these namespaces and their impact is explained in detail?

Tất cả các câu trả lời (1)

Paul
Paul
  • Moderator
  • Top 10 Contributor
more options

Hi

The solution might be to write an AppArmor profile, e.g. under /etc/apparmor.d/firefox-local, with content (replace <USER> with your username ; here it is assumed the firefox install lives under $HOME/bin/ ):

(This profile allows everything and only exists to give theapplication a name instead of having the label "unconfined".)


abi <abi/4.0>, include <tunables/global>

profile firefox-local /home/<USER>/bin/firefox/{firefox,firefox-bin,updater} flags=(unconfined) { 

 userns,

 # Site-specific additions and overrides. See local/README for details.
 include if exists <local/firefox>

}

The proceeding with a sudo systemctl restart apparmor.service should be enough.

Được chỉnh sửa bởi Paul vào

Hữu ích?

Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.