Securely Browsing the Web
=========================

Author: Momchil Ivanov
Date  : 2013.01.19

Introduction
------------

The goal of this article is to create a secure environment for browsing the
web. We will create a separate system user called foo who will run the web
browser, and give foo temporary access to the X session so that the browser
can be displayed on the desktop. It is important to remove any environment
variables that might give away information about the user who is browsing.
Using a separate account for browsing has the advantage that a potential
attacker cannot gain direct access to the local data.

Instructions
------------

1. Create the user foo with no login rights

# pw useradd -n foo -m -s /bin/sh -w no

2. Go to $HOME/bin

$ cd $HOME/bin

3. Create a wrapper script for starting a browser (the heredoc delimiter is
   quoted so that the shell does not expand the script's variables while
   writing the file)

$ cat > start-web-browser.sh <<'EOF'
#!/bin/sh

usage()
{
	printf "usage: %s <user> <app>\n\n" "$0" 1>&2
	exit 1
}

[ $# -ne 2 ] && usage

_USER="$1"
APP="$2"
_HOME=$(getent passwd "$_USER" | cut -d: -f6)
_PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

# revoke the user's X access in case of error and at exit
trap "xhost -si:localuser:${_USER}" 0 EXIT HUP INT QUIT TERM

# grant the user access to the X session
xhost +si:localuser:${_USER}

# start the application with a clean environment
su - ${_USER} -c "/usr/bin/env -i USER=${_USER} HOME=${_HOME} PATH=${_PATH} DISPLAY=${DISPLAY} ${APP}"
EOF
$ chmod +x start-web-browser.sh

4. Create a setuid binary that starts opera via the wrapper script. Note that
   we use absolute paths for security reasons

$ cat > opera.c <<'EOF'
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>

int
main()
{
	/* become root so that the wrapper can run su without a password */
	setuid(0);
	system("/home/user/bin/start-web-browser.sh foo /usr/local/bin/opera");
	return 0;
}
EOF
$ gcc -o opera opera.c
# chown root:wheel opera
# chmod u+s opera

5. Now you can start $HOME/bin/opera