Results 1 to 4 of 4

Thread: Setting up Apparmor to protect firefox

  1. #1
    steve 2 NNTP User

    Default Setting up Apparmor to protect firefox


    Hi there. I'm a relatively new linux user and would like some help using
    yast to set up apparmor protection for firefox.

    I have read some articles on how to do this from various sources,
    however, every time I get to a particular point in the process what
    actually happens deviates from what I was told would happen.

    Essentially, I understand I have to create a profile for both firefox
    and firefox.sh

    When I go to make the profile through yast I get to the point where I
    have run firefox for a few minutes - I do some browsing, watch some
    youtube etc. Then when I get back to yast and I'm running the rest of
    the configuration process I get lost. The articles I read told me that
    all I would have to do for each privilege or file firefox accessed was
    push "Allow" or "Deny" or something to that affect.

    In reality I had several options to choose from at each turn. For every
    privilege or file accessed, I had to choose from about six options,
    including "Inherit" or even to create a whole new profile for the file
    itself. It became very confusing. Would it be a good or bad idea to
    click "inherit" for each item? Probably not I assume.

    Secondly, most of the literature I have read on apparmor states that
    while you are creating a new profile on an application, you should make
    an attack impossible. Well, how can I do this when I'm profiling firefox
    and therefore have to access the internet with it in order for apparmor
    to profile it - thus making it to some extent vulnerable to attack,
    especially considering I'm running root privileges through yast at the
    time?

    Sorry, if I have not made myself very clear. If someone has the
    patience to help me out with this one, it would be greatly appreciated.
    I really wish firefox was set up by default in apparmor - although I
    realise there is probably a good reason it is not.


    --
    steve_2
    ------------------------------------------------------------------------
    steve_2's Profile: http://forums.opensuse.org/member.php?userid=15212
    View this thread: http://forums.opensuse.org/showthread.php?t=404681


  2. #2
    geoffro NNTP User

    Default Re: Setting up Apparmor to protect firefox


    I think the reason that Firefox is not set up as default in apparmor is
    that it is not really necessary.
    Very difficult to attack Linux via Firefox. Firstly there is no activex
    and it is run as a normal user and therefor cannot execute programs. I
    actually remove apparmor on my system.
    I googled for Firefox and apparmor i didn't find anything.

    Didn't answer your question but as i said not needed IMHO

    /Geoff


    --
    Core 2 Duo 3.16GHz 4GB DDR2 2.5 TB GeForce 7600 GS OS 11.1 x86_64
    KDE4.2 beta2 'Smolt specs' (http://tinyurl.com/9hgxhl)
    ------------------------------------------------------------------------
    geoffro's Profile: http://forums.opensuse.org/member.php?userid=75
    View this thread: http://forums.opensuse.org/showthread.php?t=404681


  3. #3
    geoffro NNTP User

    Default Re: Setting up Apparmor to protect firefox


    I think the reason that Firefox is not set up as default in apparmor is
    that it is not really necessary.
    Very difficult to attack Linux via Firefox. Firstly there is no activex
    and it is run as a normal user and therefor cannot execute programs. I
    actually remove apparmor on my system.
    I googled for Firefox and apparmor i didn't find anything.

    Didn't answer your question but as i said not needed IMHO

    /Geoff


    --
    Core 2 Duo 3.16GHz 4GB DDR2 2.5 TB GeForce 7600 GS OS 11.1 x86_64
    KDE4.2 beta2 'Smolt specs' (http://tinyurl.com/9hgxhl)
    ------------------------------------------------------------------------
    geoffro's Profile: http://forums.opensuse.org/member.php?userid=75
    View this thread: http://forums.opensuse.org/showthread.php?t=404681


  4. #4
    Chris Maaskant NNTP User

    Default Re: Setting up Apparmor to protect firefox

    geoffro schreef:

    > and it is run as a normal user and therefor cannot execute programs.


    You're saying normal users can't execute programs?
    I don't think so.
    And the files a user has acces to happen to be the files he or she cares
    about.

    Saying a user can't do any harm is wrong, it only easyer to get the harm
    undone *IF* you make backups.

    Firefox is pretty safe to use i'm sure, it's the trillion extensions you
    should be carefull with.
    --
    Chris Maaskant


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •