Re: [Tails-dev] Firejail for unsafe browser and SSR screen r…

Author: Daniel Kahn Gillmor
Date:  
To: intrigeri, jg30, tails-dev
Subject: Re: [Tails-dev] Firejail for unsafe browser and SSR screen recorder
On Fri 2019-05-03 12:45:17 +0200, intrigeri wrote:
> When we switch to Wayland (#12213) we'll need to change the way we run
> the Unsafe Browser. In particular, we won't be able to run it under
> a dedicated user anymore.

This seems problematic to me. Dedicated user accounts are one of the
simplest, most reliable process isolation mechanisms in Unix. I scanned
https://redmine.tails.boum.org/code/issues/12213 briefly but didn't see
any mention of a bug report/feature request to the Wayland developers
about this gap, other than this FAQ:

    https://fedoraproject.org/wiki/Common_F25_bugs#Running_graphical_apps_with_root_privileges_.28e.g._gparted.29_does_not_work_on_Wayland
(which seems like it's more about not wanting to leak root privs, not
about dedicated non-priv users)

I think this would be worth raising with Wayland upstream if it hasn't
been raised already, pointing out that there are good security reasons
to want to run applications under user isolation.

--dkg