16 comments

[ 3.0 ms ] story [ 54.2 ms ] thread
This is sorely needed as part of mainstream desktops due to the extended power of APIs available to web pages like file access for instance.
Aren't those already sandboxed browser-local filesystems?
The browser can still access your disk though, so any vulnerability in your browser means arbitrary access. An example from last year https://blog.mozilla.org/security/2015/08/06/firefox-exploit.... That's the reason that I decided to use firejail myself.
Okay. So it's a protection against browser exploits, not overreaching web APIs.
Good security has layers. That way if one falls through, hopefully the next layer will catch it.
It's more a boundary for the browser not to pass because it has no business. I've seen an alternative approach which used a separate user account for Firefox and then SSH forwarding of X.
WebTorrent is something I'm afraid to try due to the laws in the place I live and nobody answered me when I asked if WebRTC p2p connections first show a permission popup like Microphone or Speaker access. I don't know how the file access APIs work in JavaScript, but it's scary to think a random website could have a random JS snippet that uploads a file from $HOME.
There will of course be a permission pompt.
Good to know, I might try it the next time I'm in another country.
Come to think of it, why doesn't a WebRTC connection on something like appear.in prompt for Network permission?
don't forget that binary blobs and plug ins are more present than ever. before you only had flash, now there's hangouts, flash, silverligth, etc
Hangouts work without plugins and just WebRTC, or at least that's what I thought. Does it not?
You wish. Just because you sold your info and control to google by using chrome doesn't mean everyone have. :)

Chrome have it pre-installed, just like microsoft had flash pre-installed. All perfect and dandy until the 0-days start to show up.

this is what i get if i try to start a hangout conference:

https://www.google.com/tools/dlpage/hangout?hl=en#hangouthtt...

Could similar results be achieved with (x)wayland by spawning a separate X server for each application? IIUC xwayland spawns an X server on demand, but just one (so X applications can spy on each-other while wayland apps cannot, and X cannot spy on wayland apps).
Reminder that this breaks basic features like copy/paste, drag-and-drop, and a lot of applications that spawn helper applications and expect them to be on the same display.

There is a reason that the general Linux desktop camp is not adopting solutions like this and instead preferring Wayland, and that's that these systems can never be production ready and support the featureset that traditional X11 can support.

Also, I tested my keylogger [0] on this setup, and it still got through. Oops. They're proxying through XRecord and XTest it seems.

https://github.com/magcius/keylog

That's probably worth an issue?