Thread: Privileges given to your web browser

#1 Virchanza (Very good friend of the forum), Join Date: Jan 2010, Posts: 863

Privileges given to your web browser

    A lot of people will advise you not to run programs such as web browsers and media players as root, reason being that if the program is exploited, the hacker has full access to your system.

    However, if you run these programs as a normal user, there's still one very big problem: The program has full access to your home folder.

    Now I don't know about anyone else, but the most valuable thing on my machine is my home folder. You could wipe all my applications, all my settings, my entire operating system, and I'll be able to replace it all within a day or two. My home folder however is valuable. I back it up from time to time, but still there's always gonna be stuff that I don't wanna lose.

    So with that said, I think something like a web browser should be run as a different user which doesn't have access to your home folder. That way, even if the program gets exploited, there's not too much it can do.

    Has anyone ever played around with this before?
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
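A concrete way to try the dedicated-user approach on a Linux desktop, as an added example that is not part of the original post: the script creates an unprivileged account for the browser, checks that the invoking user's home directory is not readable by other users (a mode-700 home is what makes the separation mean anything), and launches the browser under that account with sudo. The account name webuser, the sudoers line for a desktop user called alice, the /usr/sbin/nologin path and the xhost grant are assumptions. The browser user still has its own home and full network access, so this limits what an exploited browser can read, not what it can do on the network.

```shell
#!/bin/sh
# Run a web browser as a separate, unprivileged user so that an exploited
# browser cannot read the invoking user's home directory.
# Added example; assumes Linux, sudo, an X11 session, and a browser account
# named "webuser" (the name is an assumption; override with BROWSER_USER).

BROWSER_USER="${BROWSER_USER:-webuser}"

# One-time setup (run as root): create the browser account with its own
# home and no login shell, and allow the desktop user to start the browser
# as that account without a password.  The sudoers line is an assumption
# for a desktop user called "alice" and a browser at /usr/bin/firefox;
# the nologin path is Debian's (RHEL uses /sbin/nologin).
setup_browser_user() {
    useradd -m -s /usr/sbin/nologin "$BROWSER_USER"
    printf 'alice ALL=(%s) NOPASSWD: /usr/bin/firefox\n' "$BROWSER_USER" \
        > /etc/sudoers.d/browser
    chmod 0440 /etc/sudoers.d/browser
}

# Return 0 if directory $1 has no group/other permission bits, i.e. another
# local user (such as $BROWSER_USER) can neither list nor traverse it.
# Uses ls -ld rather than stat -c so it works on GNU and BSD userland.
home_is_private() {
    dir="$1"
    [ -d "$dir" ] || return 1
    mode=$(ls -ld "$dir" | cut -c5-10)   # columns 5-10 are the g/o rwx bits
    [ "$mode" = "------" ]
}

# Print the command that launches browser $1 as $BROWSER_USER.
# sudo -H points HOME at the browser user's own home, and DISPLAY is passed
# through so the browser can reach the running X server.
browser_cmd() {
    printf 'sudo -H -u %s env DISPLAY=%s %s\n' \
        "$BROWSER_USER" "${DISPLAY:-:0}" "$1"
}

# Refuse to start if the home directory is readable by others (the whole
# point is lost otherwise), grant the browser user access to the X server
# by local user name, then run the browser.
run_browser() {
    if ! home_is_private "$HOME"; then
        echo "refusing: $HOME is readable by other users; run: chmod 700 $HOME" >&2
        return 1
    fi
    xhost "+SI:localuser:$BROWSER_USER" >/dev/null
    eval "$(browser_cmd "$1")"
}

case "${1:-}" in
    setup) setup_browser_user ;;
    run)   run_browser "${2:-firefox}" ;;
esac
```

Run `sudo sh browser_user.sh setup` once, then `sh browser_user.sh run firefox`. The browser profile, bookmarks and downloads live in the browser user's home, not in yours; move files across with sudo or through a shared directory that only the two accounts can write to.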

#2 KMDave (Moderator), Join Date: Jan 2010, Posts: 2,281

    Did you look into setting up a jailed environment?
    Tiocfaidh ár lá

#3 HitThemLow (Junior Member, Canada), Join Date: Jan 2010, Posts: 84

Originally Posted by KMDave:
    Did you look into setting up a jailed environment?

    There's a big problem with that: every jail has its flaws. I know a guy who set up like 90% of his system in an almost flawless chroot jail, all run as a secondary user, etc. I would have thought it close to impossible to get into. Until we found a flaw one day... which would have resulted in anyone spawning a root shell....

    Anyway, the point of that story is, a jail is good, but it shouldn't be your only protection; regular backups trump an army of HIDS and firewalls every day (reverse connection of course).

#4 lupin (Super Moderator), Join Date: Jan 2010, Posts: 2,943

Originally Posted by HitThemLow:
    There's a big problem with that: every jail has its flaws. I know a guy who set up like 90% of his system in an almost flawless chroot jail, all run as a secondary user, etc. I would have thought it close to impossible to get into. Until we found a flaw one day... which would have resulted in anyone spawning a root shell....

    Anyway, the point of that story is, a jail is good, but it shouldn't be your only protection; regular backups trump an army of HIDS and firewalls every day (reverse connection of course).

    Yes, no protection mechanism is perfect. Certain Linux exploits will allow you to break a chroot jail (I believe the udev privilege escalation exploit made public earlier this year can do that), other exploits will allow you to escape from a VM (Immunity's Cloudburst), and I'm sure there are ways around HIDS systems too. A layered defense is required.

    And yes, backups are one of the most important things you can do, but I don't necessarily think they can be described as trumping firewalls and HIDS; their purposes are too different to allow a comparison. You probably didn't mean that backups can be used instead of a firewall or HIDS, but just in case anyone else gets the impression that that's appropriate....
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

#5 HitThemLow (Junior Member, Canada), Join Date: Jan 2010, Posts: 84

Originally Posted by lupin:
    And yes, backups are one of the most important things you can do, but I don't necessarily think they can be described as trumping firewalls and HIDS; their purposes are too different to allow a comparison. You probably didn't mean that backups can be used instead of a firewall or HIDS, but just in case anyone else gets the impression that that's appropriate....

    No, not at all what I meant, but I for one know any idiot (well, OK, not ANY idiot, but a lot) can get through firewalls, even with no mapped ports. HIDS is a bit harder, but possible. But a proper backup system is almost impossible to track down and destroy them all. And in the very worst case, it prolongs the time you have to shut him/her down by hours.

    But when I say proper backups, I mean a reverse connecting system, where the backup machine connects to the server, then the logs are cleaned afterwards, leaving it almost spotless. I even saw one that was compiled right into the kernel so no one could even see when it was happening. I don't expect most people to do that, but it was awesome nonetheless.

#6 lupin (Super Moderator), Join Date: Jan 2010, Posts: 2,943

Originally Posted by HitThemLow:
    I for one know any idiot (well, OK, not ANY idiot, but a lot) can get through firewalls, even with no mapped ports.

    If any idiot (or even many idiots) can get through it, the firewall rules probably need to be specified better. Proper filtering on outgoing connections (restricting allowed outbound traffic to what can be controlled) and proxying allowed outbound ports using a decent content inspecting device at least brings things to the level where it takes more than an idiot to get past it.

    An example: all outbound traffic is denied by default; you only allow SMTP outgoing from your email server, DNS requests are only allowed outbound from your DNS server, and web traffic has to go through a decent web filter that whitelists or inspects inside HTTPS and performs content checking on HTTP/FTP traffic, blocking executables, binary content, etc. Using a proper proxy device can severely restrict the ability to tunnel out using the CONNECT method or HTTP encapsulation tunneling (httptunnel).

Originally Posted by HitThemLow:
    I even saw one that was compiled right into the kernel so no one could even see when it was happening. I don't expect most people to do that, but it was awesome nonetheless.

    Very cool. Perhaps overkill, but I respect that level of healthy paranoia. Would be a pain having to recompile the kernel whenever you needed to change configuration though (unless the config files were in the filesystem, but then there's a way to detect it...).
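The egress policy described in the post above, written out as an nftables ruleset for a Linux gateway that forwards traffic for the LAN. This is an added example and not part of the original post: the table name, the hook choice, and the host addresses (192.0.2.10 for the mail server, 192.0.2.53 for the resolver, 192.0.2.80 for the web proxy) are assumptions, and the content inspection that the proxy performs is outside the ruleset. The render function prints the policy so it can be reviewed or checked with `nft -c -f` before apply_egress_policy loads it, and the review check flags any accept rule that is not tied to a source address, which is the mistake that reopens direct web egress for every client.

```shell
#!/bin/sh
# Default-deny egress for a Linux gateway, as an nftables ruleset.
# Added example. Assumptions: the gateway forwards LAN traffic (forward
# hook), the mail server, resolver and web proxy sit on the LAN behind it,
# LAN clients reach the proxy directly on the LAN, and these example hosts:
MAIL_SERVER="${MAIL_SERVER:-192.0.2.10}"
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"
WEB_PROXY="${WEB_PROXY:-192.0.2.80}"

# Print the ruleset for mail server $1, resolver $2 and proxy $3.
# Only those three hosts may originate the listed outbound traffic; every
# other forwarded packet that is not a reply is logged and dropped, so a
# client trying to tunnel out on 80/443 or over DNS shows up in the log.
# IPv6 has no accept rules here, so it is dropped by the chain policy too.
render_egress_policy() {
    mail="$1"; dns="$2"; proxy="$3"
    cat <<EOF
table inet egress
flush table inet egress
table inet egress {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # replies to connections the rules below allowed
        ct state established,related accept
        ct state invalid drop

        # only the mail server may speak SMTP to the outside
        ip saddr $mail tcp dport 25 accept

        # only the resolver may send DNS queries out (UDP and TCP)
        ip saddr $dns udp dport 53 accept
        ip saddr $dns tcp dport 53 accept

        # web traffic leaves only from the inspecting proxy; clients that
        # try 80/443 directly fall through to the drop below
        ip saddr $proxy tcp dport { 80, 443 } accept

        # make the drops visible so tunnelling attempts can be spotted
        log prefix "egress-drop: " counter drop
    }
}
EOF
}

# Load the ruleset; nft -f applies the whole file in one transaction, and
# the flush at the top makes re-running this idempotent.
apply_egress_policy() {
    render_egress_policy "$MAIL_SERVER" "$DNS_SERVER" "$WEB_PROXY" | nft -f -
}

# Review check: read ruleset text on stdin and return 0 only if every
# accept rule is either connection-state tracking or pinned to a source
# address. A bare "tcp dport 443 accept" would let every client out.
egress_policy_is_pinned() {
    ! grep -v '^[[:space:]]*#' | grep accept | grep -Ev 'ct state|ip saddr' | grep -q .
}

case "${1:-}" in
    show)  render_egress_policy "$MAIL_SERVER" "$DNS_SERVER" "$WEB_PROXY" ;;
    check) render_egress_policy "$MAIL_SERVER" "$DNS_SERVER" "$WEB_PROXY" | nft -c -f - ;;
    apply) apply_egress_policy ;;
esac
```

`sh egress.sh show | sh egress.sh check` is not needed; `sh egress.sh check` parses the ruleset without loading it, and `sh egress.sh apply` loads it as root. Clients that need to reach the proxy, the resolver and the mail server do so on the LAN side, which this forward chain never sees; if those hosts are on a separate segment, add matching accept rules for them with their saddr and dport, never a bare dport.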

#7 lupin (Super Moderator), Join Date: Jan 2010, Posts: 2,943

Originally Posted by Virchanza:
    A lot of people will advise you not to run programs such as web browsers and media players as root, reason being that if the program is exploited, the hacker has full access to your system.

    However, if you run these programs as a normal user, there's still one very big problem: The program has full access to your home folder.

    Now I don't know about anyone else, but the most valuable thing on my machine is my home folder. You could wipe all my applications, all my settings, my entire operating system, and I'll be able to replace it all within a day or two. My home folder however is valuable. I back it up from time to time, but still there's always gonna be stuff that I don't wanna lose.

    So with that said, I think something like a web browser should be run as a different user which doesn't have access to your home folder. That way, even if the program gets exploited, there's not too much it can do.

    Has anyone ever played around with this before?

    One suggested method to get around this that I have heard of is to use a browser virtual appliance, e.g.

    Browser Appliance | Virtual Appliance Marketplace

    Of course this is really just running a new OS in a VM and browsing in that VM.

    Using a jail as KMDave suggested is also good.

    In Windows there are various process control tools that can be used to define what particular applications can do (e.g. what registry access it can perform, what files it can write to, etc). It's been a while since I looked at this, but I think the app I was doing this with was WinPooch?

    I don't know if there is a Linux equivalent to that, but you may want to investigate Linux Host Based Intrusion Prevention/Detection systems to see if they will fit the bill for controlling what the browser process can access.

#8 Junior Member, Join Date: Apr 2009, Posts: 43

    For those interested in Windows process control tools I would suggest checking out Sandboxie

    "Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer."
