How can I restrict the web-browser from accessing certain directories?

Asked by Gergely Máté on 2010-12-13

I plan to install Adobe's Flash Player. However, I do not trust Adobe at all, so I would like to restrict my web browser from accessing certain directories - every directory in my home folder except for "Public" and "Downloads". How can I set up such restrictions?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Gergely Máté
Solved:
2010-12-13
Last query:
2010-12-13
Last reply:
2010-12-13
mycae (mycae) said : #1

if you are really worried, you can :

* run your web-browser process as a different user (I did this for a real-media player I did not trust).
* Modify the app-armour profile :https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/592121
* Use a chroot-ed browser : https://wiki.ubuntu.com/DebootstrapChroot (complicated)
* Use a VM.

You could run the browser as a different user but you will need to make a new user and type it's password eVERY time you launch the browser, it will then only have the access of that user. If you never log in as that user you will be giving zero info away (if you think any is with their plugin), you can then give your user read access to the new users home folder by creating a group and adding both your current user and the new user to it, you can then give group ownership of the new group to the new users home and you will get full access

Personally I think this is a case of over paranoia and have never heard of anything like this, I'm suprised you posted on here for fear of data collecting. You need to chill out dude.

Jason Odoom (jasonodoom) said : #3

What Browser do you use?

Gergely Máté (sportember) said : #4

Thanks for the links and the ideas.

Currently I use Chromium, but I plan to use Firefox for the above mentioned purpose.

actionparsnip: I prefer to stay being a well protected paranoid ;-)

You can do the same with either browser, it's still a lot of faff for near zero return. Theres well protected and there's having a whole wardrobe of tinfoil hats.

mycae (mycae) said : #6

Finally, instead of flash, you could use Gnash, which you can look at the code, or compile from source, if you really don't trust proprietary code that much.

Jason Odoom (jasonodoom) said : #7

Your not paranoid, I believe Adobe does, but Google more. In Firefox, go to
the "Tools" menu and hit "manage content plugins" find Flash and do what you
have to do.

With all due respect,

Jason Odoom
http://www.google.com/profiles/jasonodoom
https://launchpad.net/~jasonodoom <https://launchpad.net/%7Ejasonodoom>

Sent from Ubuntu <http://www.ubuntu.com/desktop>.

On Mon, Dec 13, 2010 at 6:07 PM, mycae <<email address hidden>
> wrote:

> Question #137698 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/137698
>
> mycae posted a new comment:
> Finally, instead of flash, you could use Gnash, which you can look at
> the code, or compile from source, if you really don't trust proprietary
> code that much.
>
> --
> You received this question notification because you are a direct
> subscriber of the question.
>

Gergely Máté (sportember) said : #8

Gnash is great, I've been using it for three years now, but there are some content I'd like to see and Gnash fails with.

actionparsnip: LOL
Btw. see the security part of http://en.wikipedia.org/wiki/Criticism_of_Adobe_Flash#Criticism if you're interested.

It's You're which is a truncated 'You are'. 'Your' is used to define possession like 'Your ball is red', 'you paranoid' is not correct here but 'you are paranoid' is which then gets truncated in acceptable English to 'You're paranoid'