Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Freeware Forum > Linux

Reply
 
Thread Tools Display Modes
Old 18. Dec 2016, 10:50 AM   #1 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Default Firejail .... Sandboxie for Linux?

For those interested in such things, recently I've come across an interesting program for Linux that appears to offers an extra layer of protection along similar lines to that provided by Sandboxie for Windows....

Firejail Security Sandbox

It's very easy to install and get started using the default configuration that is built in for the usual internet facing programs such as Firefox, Thunderbird etc.
It's easy enough to launch from terminal but there's also a simple GUI to go with it called Firetools.

It appears to work seamlessly, and offers the possibility to configure a more robust level of protection to your personal or underlying system files if you want it.

Here's a couple of helpful articles to help get started with it...
http://www.linux-magazine.com/Issues/2015/173/Firejail
https://forums.linuxmint.com/viewtop...?f=42&t=202735

I know I know, Linux is inherently immune to malware etc etc. I'm not looking to re-open that debate!
However, for the testers who want to avoid breaking things, the paranoid, the risk takers and those coming from Windows with an inbuilt sense of vulnerability, it may be of interest.
Sope is offline   Reply With Quote
Old 18. Dec 2016, 11:33 AM   #2 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,236
Default

Igor reviewed this at the beginning of the year and I tend to agree with his conclusion.

"Firejail seems like a robustly implemented, lightweight sandbox software that closely mimics its Windows counterparts, and frankly, for no good reason. The default security in most distros is good enough never to have to worry about any big security problems. And if you do, then the logical, linear translation of the problem is to borrow concepts from the Windows world. Which is wrong, of course".

http://www.dedoimedo.com/computers/firejail.html

... but as you say there are always the paranoids including those still wanting a third party firewall for Windows.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 18. Dec 2016, 02:48 PM   #3 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Default

Ooo thanks, I missed that article and I do visit Dedoimedo quite often.

To me, Firejail is still of interest I must admit. Not least because I don't trust myself enough not to break things without noticing!

And it still has some appeal for the paranoid or maybe those who've been traumatised by security breaches in Windows.... now where's my special tin-foil hat got to
Sope is offline   Reply With Quote
Old 17. Apr 2018, 12:03 PM   #4 (permalink)
Member
 
Join Date: Feb 2009
Posts: 2
Thumbs down

Quote:
Originally Posted by MidnightCowboy View Post
Igor reviewed this at the beginning of the year and I tend to agree with his conclusion.

"Firejail seems like a robustly implemented, lightweight sandbox software that closely mimics its Windows counterparts, and frankly, for no good reason. The default security in most distros is good enough never to have to worry about any big security problems. And if you do, then the logical, linear translation of the problem is to borrow concepts from the Windows world. Which is wrong, of course".
That conclusion misses so many legitimate uses for a sandboxing software containers. I.e. if you want to install a test version, or even an infected version, of software *and see what it does to the system* by viewing and comparing the changes in the sandbox, you clearly cannot do that with the default linux settings.

Yes, I'm aware that this answer is from 2016 but this conclusion was equally valid then just as it is now.
mistery is offline   Reply With Quote
Old 17. Apr 2018, 12:20 PM   #5 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,236
Default

Quote:
Originally Posted by mistery View Post
That conclusion misses so many legitimate uses for a sandboxing software containers. I.e. if you want to install a test version, or even an infected version, of software *and see what it does to the system* by viewing and comparing the changes in the sandbox, you clearly cannot do that with the default linux settings.

Yes, I'm aware that this answer is from 2016 but this conclusion was equally valid then just as it is now.
Igor's article was directed at the main intended use of Firejail on a default home user system.

"Firejail is a SUID sandbox tool, intended to minimize damage caused by security breaches and exploits in your Internet-facing software".

Naturally it has a use for the circumstances you describe but IMO your everyday machine is not the place to undertake testing of this nature.

Worth bearing in mind too that some malware is able to recognize when it is launched in a restricted environment and may not behave in the same way as it would on a live system
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Reply

« Feren OS | Mx-16 »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 02:09 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.