Limit rights of programs #35

New Issue

Benjamin_Loison · 2024-08-23T19:13:17+02:00

Benjamin_Loison commented

2024-08-23 19:13:17 +02:00

Like disk and network access. Maybe like snap and flatpak.

+11

Like disk and network access. Maybe like snap and flatpak. +11

Benjamin_Loison commented

2024-08-23 19:13:35 +02:00

Related to Benjamin-Loison/keepassxc/issues/59.

Related to [Benjamin-Loison/keepassxc/issues/59](https://github.com/Benjamin-Loison/keepassxc/issues/59).

Benjamin_Loison commented

2024-08-28 04:44:54 +02:00

https://www.reddit.com/r/privacy/comments/fwux29/signal_desktop_stores_the_encryption_key_in_a/

Benjamin_Loison commented

2024-08-31 15:24:42 +02:00

Related to Benjamin-Loison/termux-app/issues/36#issuecomment-2322872930.

Related to [Benjamin-Loison/termux-app/issues/36#issuecomment-2322872930](https://github.com/Benjamin-Loison/termux-app/issues/36#issuecomment-2322872930).

Benjamin_Loison commented

2024-11-11 16:09:15 +01:00

Related to Benjamin-Loison/android/issues/46.

Related to [Benjamin-Loison/android/issues/46](https://github.com/Benjamin-Loison/android/issues/46).

Benjamin_Loison commented

2024-11-14 14:41:43 +01:00

Not sudo programs can't access other programs memory right?

Can any selected program get clipboard content/keyboard strokes (even background ones)? If so, then Benjamin-Loison/keepassxc/issues/6 looks important.

Not `sudo` programs can't access other programs memory right? Can any selected program get clipboard content/keyboard strokes (even background ones)? If so, then [Benjamin-Loison/keepassxc/issues/6](https://github.com/Benjamin-Loison/keepassxc/issues/6) looks important.

Benjamin_Loison commented

2024-11-14 20:37:50 +01:00

Related to Benjamin_Loison/Thunderbird/issues/89#issuecomment-2447527.

Related to [Benjamin_Loison/Thunderbird/issues/89#issuecomment-2447527](https://codeberg.org/Benjamin_Loison/Thunderbird/issues/89#issuecomment-2447527).

Benjamin_Loison commented

2024-12-01 20:22:40 +01:00

Related to Benjamin_Loison/gpg/issues/26.

Related to [Benjamin_Loison/gpg/issues/26](https://codeberg.org/Benjamin_Loison/gpg/issues/26).

Benjamin_Loison commented

2024-12-07 14:39:37 +01:00

Wikipedia: Qubes OS

[Wikipedia: Qubes OS](https://en.wikipedia.org/wiki/Qubes_OS)

Benjamin_Loison commented

2024-12-18 15:51:03 +01:00

Related to Benjamin_Loison/openssh/issues/43.

Related to [Benjamin_Loison/openssh/issues/43](https://salsa.debian.org/Benjamin_Loison/openssh/-/issues/43).

Benjamin_Loison commented

2024-12-18 17:13:55 +01:00

Wikipedia: Access control list may help.

[Wikipedia: Access control list](https://en.wikipedia.org/wiki/Access_control_list) may help.

Benjamin_Loison referenced this issue

2024-12-18 18:00:27 +01:00

Allow only to lend a port and modify `~/.ssh/authorized_keys` #51

Benjamin_Loison commented

2024-12-31 22:37:07 +01:00

See on my Linux Mint 22 Cinnamon Framework 13 benjamin-less-safe user.

See on my Linux Mint 22 Cinnamon Framework 13 `benjamin-less-safe` user.

Benjamin_Loison commented

2025-01-02 02:02:11 +01:00

Related to Benjamin_Loison/shred/issues/{18,17}.

Related to [Benjamin_Loison/shred/issues/](https://codeberg.org/Benjamin_Loison/shred/issues){[18](https://codeberg.org/Benjamin_Loison/shred/issues/18),[17](https://codeberg.org/Benjamin_Loison/shred/issues/17)}.

Benjamin_Loison commented

2025-02-15 19:08:53 +01:00

Note that I am fine having to specify which file(s) or/and folder(s) I give access to a program, possibly even if need a reboot.

Benjamin_Loison commented

2025-03-28 19:43:11 +01:00

The person:

limited file system access of Firefox to downloads for instance if I remember correctly.

<details> <summary>The person:</summary> ``` -----BEGIN PGP MESSAGE----- hF4DTQa9Wom5MBgSAQdAiLznqw6nY2r8aPkAEOnzWgC/lDTqc6sZhSdMStOZHA4w 8ibuzUS1nzBeDLbU5vaLcfXfCKx+GT7iOGf2qYeo6NvNsVRuqHObFc/j2+kJBYim 0kEBTPe8GLlrZ/HyzPNR6Ac0USlnfKr+f0IOZzhP02dP+k96RgzGcRSKP4fpkbDc BJuMrd6Wms3f95GkBkceDvdeBA== =ESEq -----END PGP MESSAGE----- ``` </details> limited file system access of Firefox to downloads for instance if I remember correctly.

Benjamin_Loison commented

2025-04-13 12:56:47 +02:00

Vagrant may help, see Benjamin_Loison/fennecbuild/issues/8.

Vagrant may help, see [Benjamin_Loison/fennecbuild/issues/8](https://gitlab.com/Benjamin_Loison/fennecbuild/-/issues/8).

Benjamin_Loison commented

2025-05-21 17:18:39 +02:00

Related to Benjamin-Loison/shotcut/issues/5.

Related to [Benjamin-Loison/shotcut/issues/5](https://github.com/Benjamin-Loison/shotcut/issues/5).

Benjamin_Loison commented

2025-05-23 14:16:29 +02:00

Related to Benjamin-Loison/selenium/issues/22.

Related to [Benjamin-Loison/selenium/issues/22](https://github.com/Benjamin-Loison/selenium/issues/22).

Benjamin_Loison commented

2025-06-05 20:35:27 +02:00

Related to Benjamin-Loison/nemo/issues/27.

Related to [Benjamin-Loison/nemo/issues/27](https://github.com/Benjamin-Loison/nemo/issues/27).

Benjamin_Loison commented

2025-07-19 07:30:22 +02:00

Related to Benjamin-Loison/android/issues/222.

Related to [Benjamin-Loison/android/issues/222](https://github.com/Benjamin-Loison/android/issues/222).

Benjamin_Loison commented

2025-07-19 07:34:16 +02:00

Should read Wikipedia: Security-Enhanced Linux (1298109462).

Should read [Wikipedia: Security-Enhanced Linux (1298109462)](https://en.m.wikipedia.org/w/index.php?title=Security-Enhanced_Linux&oldid=1298109462).

Benjamin_Loison commented

2025-08-19 19:05:59 +02:00

https://www.privacyguides.org/en/desktop/#security-focused-distributions

Benjamin_Loison commented

2025-08-19 19:06:05 +02:00

https://www.privacyguides.org/en/desktop/#whonix
apparmor.d
https://whonix.org/wiki/Sandbox-app-launcher

https://www.privacyguides.org/en/desktop/#whonix [apparmor.d](https://github.com/roddhjav/apparmor.d) https://whonix.org/wiki/Sandbox-app-launcher

Benjamin_Loison commented

2025-10-10 13:48:57 +02:00

Concerning Docker, see for instance Benjamin_Loison/etesync-dav/issues/4#issuecomment-7661008.

Concerning Docker, see for instance [Benjamin_Loison/etesync-dav/issues/4#issuecomment-7661008](https://codeberg.org/Benjamin_Loison/etesync-dav/issues/4#issuecomment-7661008).

Benjamin_Loison commented

2025-11-09 02:51:58 +01:00

In the context of Benjamin_Loison/Debian/issues/21#issuecomment-8186555 after having killed Prism Launcher with pkill -f.

ps aux | grep -i [b]wrap

Output:

benjami+ 3136507  0.0  0.0   3576  1852 ?        S    Nov08   0:00 bwrap --args 45 -- prismlauncher
benjami+ 3136515  0.0  0.0   3576  1840 ?        S    Nov08   0:00 bwrap --args 45 -- xdg-dbus-proxy --args=47
benjami+ 3136519  0.0  0.0   3584  1268 ?        S    Nov08   0:00 bwrap --args 45 -- prismlauncher

man bwrap

Output:

...
DESCRIPTION
       bwrap is a unprivileged low-level sandboxing tool (optionally setuid on older distributions). You are unlikely to use it directly from the commandline, although that is possible.

       It works by creating a new, completely empty, filesystem namespace where the root is on a tmpfs that is invisible from the host, and which will be automatically cleaned up when the last process exits.
       You can then use commandline options to construct the root filesystem and process environment for the command to run in the namespace.

       By default, bwrap creates a new mount namespace for the sandbox. Optionally it also sets up new user, ipc, pid, network and uts namespaces (but note the user namespace is required if bwrap is not
       installed setuid root). The application in the sandbox can be made to run with a different UID and GID.

       If needed (e.g. when using a PID namespace) bwrap is running a minimal pid 1 process in the sandbox that is responsible for reaping zombies. It also detects when the initial application process (pid 2)
       dies and reports its exit status back to the original spawner. The pid 1 process exits to clean up the sandbox when there are no other processes in the sandbox left.
...

In the context of [Benjamin_Loison/Debian/issues/21#issuecomment-8186555](https://codeberg.org/Benjamin_Loison/Debian/issues/21#issuecomment-8186555) after having killed Prism Launcher with `pkill -f`. ``` ps aux | grep -i [b]wrap ``` <details> <summary>Output:</summary> ``` benjami+ 3136507 0.0 0.0 3576 1852 ? S Nov08 0:00 bwrap --args 45 -- prismlauncher benjami+ 3136515 0.0 0.0 3576 1840 ? S Nov08 0:00 bwrap --args 45 -- xdg-dbus-proxy --args=47 benjami+ 3136519 0.0 0.0 3584 1268 ? S Nov08 0:00 bwrap --args 45 -- prismlauncher ``` </details> ```bash man bwrap ``` <details> <summary>Output:</summary> ``` ... DESCRIPTION bwrap is a unprivileged low-level sandboxing tool (optionally setuid on older distributions). You are unlikely to use it directly from the commandline, although that is possible. It works by creating a new, completely empty, filesystem namespace where the root is on a tmpfs that is invisible from the host, and which will be automatically cleaned up when the last process exits. You can then use commandline options to construct the root filesystem and process environment for the command to run in the namespace. By default, bwrap creates a new mount namespace for the sandbox. Optionally it also sets up new user, ipc, pid, network and uts namespaces (but note the user namespace is required if bwrap is not installed setuid root). The application in the sandbox can be made to run with a different UID and GID. If needed (e.g. when using a PID namespace) bwrap is running a minimal pid 1 process in the sandbox that is responsible for reaping zombies. It also detects when the initial application process (pid 2) dies and reports its exit status back to the original spawner. The pid 1 process exits to clean up the sandbox when there are no other processes in the sandbox left. ... ``` </details>

Benjamin_Loison commented

2025-11-09 20:15:56 +01:00

Maybe related to containers/bubblewrap, source: GNOME/nautilus/blob/b6b0b45c3e089e04dd65380f89bd7a27bbbe22af/README.md?plain=1#L12.

Maybe related to [containers/bubblewrap](https://github.com/containers/bubblewrap), source: [GNOME/nautilus/blob/b6b0b45c3e089e04dd65380f89bd7a27bbbe22af/README.md?plain=1#L12](https://gitlab.gnome.org/GNOME/nautilus/-/blob/b6b0b45c3e089e04dd65380f89bd7a27bbbe22af/README.md?plain=1#L12).

Benjamin_Loison commented

2025-11-20 15:06:43 +01:00

Related to Benjamin_Loison/gnome-control-center/issues/57.

Related to [Benjamin_Loison/gnome-control-center/issues/57](https://gitlab.gnome.org/Benjamin_Loison/gnome-control-center/-/issues/57).

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Benjamin_Loison/linux#35