author | netblue30 <netblue30@yahoo.com> | 2016-02-24 22:37:20 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-24 22:37:20 -0500 |
commit | 11e5b2ce21d6efa1ed0fea4db18e410427436162 (patch) | |
tree | f36791949f69817d9f47aec8dfd16d50f889ced7 /todo | |
parent | x11 work (diff) | |
x11 work
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 35 |
1 files changed, 1 insertions, 34 deletions
@@ -1,34 +1 @@ | |||
1 | 1. Disable /dev/tcp in bash. Compiled time: --enable-net-redirections, --disable-net-redirections | firejail --noprofile --net=eth0 --x11 xterm -fg white -bg black | |
2 | ksh and zsh seem to have it. | ||
3 | |||
4 | Tests: | ||
5 | a) | ||
6 | cat </dev/tcp/time.nist.gov/13 | ||
7 | |||
8 | b) | ||
9 | exec 3<>/dev/tcp/www.google.com/80 | ||
10 | echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3 | ||
11 | cat <&3 | ||
12 | |||
13 | c) A list of attacks | ||
14 | http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/ | ||
15 | |||
16 | 2. SELinux integration | ||
17 | |||
18 | Firefox selinux disabled (RedHat): http://danwalsh.livejournal.com/72697.html | ||
19 | Firefox selinux enabled (Gentoo hardened): http://blog.siphos.be/2015/08/why-we-do-confine-firefox/ | ||
20 | "desktops are notoriously difficult to use a mandatory access control system on" | ||
21 | |||
22 | 3. abstract unix socket bridge, example for ibus: | ||
23 | |||
24 | before the sandbox is started | ||
25 | socat UNIX-LISTEN:/tmp/mysoc,fork ABSTRACT-CONNECT:/tmp/dbus-awBoQTCc & | ||
26 | in sandbox | ||
27 | socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock | ||
28 | |||
29 | 5. add support for --ip, --iprange, --mac and --mtu for --interface option | ||
30 | |||
31 | 6. --shutdown does not clear sandboxes started with --join | ||
32 | |||
33 | 7. profile for okular | ||
34 | |||
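Review bot: The 34 removed lines drop every open item in todo (the /dev/tcp checks in item 1, SELinux integration, the abstract unix socket bridge, the --interface options, and item 6, "--shutdown does not clear sandboxes started with --join") while the commit message "x11 work" does not say whether they were fixed, moved elsewhere or abandoned. Items 1 and 6 describe sandbox behaviour that users depend on, so either keep them in the file or state in the commit message where they are tracked now. The single added line, `firejail --noprofile --net=eth0 --x11 xterm -fg white -bg black`, is a bare command with no statement of what remains to be done or what result is expected; a one-line description above it would help, as would a remark that the interface name eth0 is hardcoded in the command.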