LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices


Reply
  Search this Thread
Old 08-06-2021, 08:01 PM   #61
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 1,233
Blog Entries: 14

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378

Quote:
Originally Posted by jmccue View Post
A little off topic, but is this true ? If so, even more glad I use tcsh

I consider reading command history a security concern, some JAVA apps require you to use arguments like --user and --password
At least according to LSM(Tomoyo), and I don't doubt its reports. I get that Konqueror has to use inotify since it's also a file manager, but Firefox, why? Don't know if you have /sys in FreeBSD, but Firefox seems to take some rather liberal access to /sys (that it seemingly doesn't need at all). General snooping in /proc is also not so cool.
 
1 members found this post helpful.
Old 08-08-2021, 01:36 PM   #62
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 412

Rep: Reputation: 216Reputation: 216Reputation: 216
Quote:
Originally Posted by zeebra View Post
At least according to LSM(Tomoyo), and I don't doubt its reports. I get that Konqueror has to use inotify since it's also a file manager, but Firefox, why? Don't know if you have /sys in FreeBSD, but Firefox seems to take some rather liberal access to /sys (that it seemingly doesn't need at all). General snooping in /proc is also not so cool.
Interesting, I did a search and found these from 2015:

LWN.net
reddit.com

Seems the patches OpenBSD made to Firefox with unveil makes a lot of sense. I hope Firefox in Linux does something similar. I heard there is a newish project to add something like unveil and pledge to Linux.
 
Old 08-09-2021, 12:10 AM   #63
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 1,233
Blog Entries: 14

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Quote:
Originally Posted by jmccue View Post
Seems the patches OpenBSD made to Firefox with unveil makes a lot of sense. I hope Firefox in Linux does something similar..
Well, that seems like a very healthy and simple solution.

Nah, we don't have that. We have alot of things that can do such things and more, but that seems like a better general distributed way of doing it, since most don't use any of the provided options in GNU/Linux. Some use containers (aka jails in bsd), others use LSM and other form of namespaces and sandboxing, but I would guess we are a small minority.

I guess distroes COULD patch Firefox if they wanted.
 
Old 08-10-2021, 10:19 PM   #64
Trihexagonal
Member
 
Registered: Jul 2017
Posts: 245

Rep: Reputation: 293Reputation: 293Reputation: 293
Patches for vulnerabilities found in Firefox have to come upstream from Mozilla before the Maintainer can update and include the patched version in the ports tree.

Then I can update my ports tree, get the patched version and compile it from source.

If a vulnerability is found we're stuck with it till Mozilla fixes it and the downstream Maintainer gets the patch.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why I think Diaspora* will never be more popular this way, and Facebook+Twitter remain as the most popular social networks dedec0 General 21 09-06-2018 12:13 AM
Is freeBSD less secure than other BSDs derek.m *BSD 8 02-25-2014 05:49 AM
LXer: Less Popular But Useful Linux Commands LXer Syndicated Linux News 0 06-20-2013 05:41 PM
[SOLVED] why suse is less popular/used zigmos Linux - Newbie 9 02-19-2009 12:05 PM

LinuxQuestions.org > Forums > Other *NIX Forums > *BSD

All times are GMT -5. The time now is 10:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration