Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] sandboxing web browsers



Richard Pieri wrote:
> Tom Metro wrote:
>> It's no worse than the previously mentioned solution that required sudo
>> to switch to a dedicated browser user. If you are running a shared
> 
> Docker is "sudo root". Dedicated Firefox user is "sudo !root".
> That's a huge difference.

The Docker daemon runs as root. If the non-privileged user starting FF
is put in the docker group and allowed to start any container, then yes,
they have root. If instead a SetUID script or sudo rule is used to
launch a specific container, which does not launch a root shell, then
the resulting container and FF process won't have root privileges.

In both cases you are using a root-level tool (sudo or Docker) to
perform a privilege escalation in a controlled fashion to allow user X
to execute a process as user Y.

Anyway, in a single user system, you presumably already have sudo on
your own machine, so this is a pointless distinction. (If you don't make
use of the docker group and use sudo to run your docker commands, it's no
more of a security threat than anything else you run with sudo.)

The more interesting question is which option better contains the
Firefox process.


> Docker does not work "perfectly well" in the first place in my experience.

That may very well be your experience. But some of us use it daily and
find that it does the intended job.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org