mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #2069] Feature request: Scanning application to determine if it 'misbehaves' #1397
Originally created by @Raj2032 on GitHub (Jul 28, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2069
Firejail is great as it sandboxes applications, which improves privacy and reduces any exploits that can attack the OS.
However, what if a user wanted to use Adobe Reader, for example, and it needs access to all of your files in order for it to read the PDF files? The user can't fully restrict the application's access to the files, so he/she has to allow it to have such access. What if this application doesn't perform any malicious activity but it does invade the user's privacy by collecting browsing history, collecting file names and sending it to Adobe servers?
I wish that firejail could test an installed application or search the entire operating system for stuff to ensure that any applications or system software are not doing anything that can leak out confidential information, such as secretly sending copies of my files to a server, secretly taking screenshots of my desktop and sending them to a server, collecting telemetry, etc.
So essentially I want firejail to monitor the behaviour of other applications/system software without it being complicated to use. Is it possible?
@chiraag-nataraj commented on GitHub (Jul 28, 2018):
Given the way it currently works, probably not. The way firejail currently works is that it sets up the sandbox, launches the program, and goes to sleep. If you're concerned about an application, only give it access to a specific directory (I usually use ~/Downloads) and put any files you want to read in there. That's what I do for firefox, for example, as well as many of the messaging apps I use. If you also deny it internet access, it can't upload stuff even if it wants to. There are ways to prevent the stuff you're talking about here using firejail, but they may necessitate a change in habits.
@Raj2032 commented on GitHub (Jul 28, 2018):
Well, isn't it possible to implement the new features that I have mentioned in firejail though?
Oh ok, I understand. But still I would like to have this feature installed; it makes everything a lot better.
@chiraag-nataraj commented on GitHub (Jul 28, 2018):
But what you're talking about is runtime monitoring of the application, which is entirely out of the scope of firejail...
@Raj2032 commented on GitHub (Jul 28, 2018):
Yes, I know, and I wish firejail to have this feature included as well, as I have mentioned some of the problems of sandboxing applications.
@chiraag-nataraj commented on GitHub (Jul 28, 2018):
But that's what I'm saying. If you don't want it to access your entire filesystem, don't let it! You can allow just one folder for file transfers. I do this all the time, including with my browser, image editor, etc. If there's a folder they're "supposed" to be able to access (e.g. Documents), then grant them access to that as well. So for example, for the PDF reader, you might allow it to access Documents (for documents you create yourself and permanent documents you download) and Downloads (for temporary documents you download). If you don't want it to send anything to Adobe's servers, don't grant it internet access (net none). A lot of what you want to accomplish can already be done with firejail, and to introduce a runtime monitoring system would drastically increase the code complexity and most likely bring in additional dependencies, making it heavier, less usable, and more prone to bugs and security issues.
@chiraag-nataraj commented on GitHub (Jul 28, 2018):
And you're not going to be able to block the collection of telemetry. You just aren't. The only hope is if they either let you disable it (e.g. firefox) or they upload it to a different server from the main one (so you can block it with a hosts file entry). What you can do is block uploading stuff to their servers (again, by using net none), but that depends on the program not needing internet access for normal function. As I said earlier, most of what you want can be achieved by a few simple directives in the firejail profile.
@Raj2032 commented on GitHub (Jul 28, 2018):
"But that's what I'm saying. If you don't want it to access your entire filesystem, don't let it!" What if you thought that application was safe and you needed to allow it to have access to a particular confidential file, and it turns out that it sent a copy to a server? That is why I want Firejail to monitor and report back to me as to what that application was doing.
@reinerh commented on GitHub (Jul 28, 2018):
You could configure AppArmor for that.
This also allows you to blacklist files, or to only report on blacklisted file access.
@Raj2032 commented on GitHub (Jul 28, 2018):
"or only report on blacklisted file access." So I can get an alert if it attempts to access a certain file, right?
@reinerh commented on GitHub (Jul 28, 2018):
Yes, by default it logs accesses to the kernel log. But it's possible to set up userspace notification daemons and desktop applets for informing the user.
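A concrete form of the AppArmor approach described in the two comments above, added here as an illustration rather than taken from the thread or from the firejail project: a profile for a hypothetical PDF viewer at /usr/bin/pdf-reader that permits but logs reads under ~/Documents, blocks and logs access to key material, and denies the network. The binary path, install path and the abstractions included are assumptions.

```apparmor
# Hypothetical profile for a PDF viewer installed as /usr/bin/pdf-reader.
# Assumed install location: /etc/apparmor.d/usr.bin.pdf-reader
#include <tunables/global>

/usr/bin/pdf-reader {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/X>

  # Files the viewer is supposed to read. The "audit" qualifier on an allow
  # rule keeps the access permitted but writes an AUDIT line to the kernel
  # log for every open, which is the "report on access" asked about above.
  audit owner @{HOME}/Documents/ r,
  audit owner @{HOME}/Documents/** r,
  owner @{HOME}/Downloads/ r,
  owner @{HOME}/Downloads/** rw,

  # Material the viewer has no business touching. A plain "deny" is silent;
  # "audit deny" blocks the access and logs the attempt as DENIED.
  audit deny @{HOME}/.ssh/** rw,
  audit deny @{HOME}/.gnupg/** rw,
  audit deny @{HOME}/.mozilla/** rw,

  # AppArmor counterpart of firejail's "net none": no sockets at all.
  deny network,
}
```

Load it with `apparmor_parser -r` on the profile file; the audited reads then show up in `dmesg` or `journalctl -k` as apparmor="AUDIT" and the blocked ones as apparmor="DENIED".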
@Vincent43 commented on GitHub (Jul 28, 2018):
@Raj2032 what you ask is beyond the scope of firejail. Use tools which are designed for the job, like the Audit framework (remember the Unix philosophy: write programs that do one thing and do it well).
That being said, your "allow and monitor" approach is wrong for security. When you get a report that your secrets were sent somewhere over the internet, it's already too late.
Look at what @chiraag-nataraj recommended to you and run something like
firejail --whitelist=~/Documents --net=none <pdf-app>
to view docs and so on.
@Raj2032 commented on GitHub (Jul 28, 2018):
Thanks for that :)
Why does Unix have this philosophy in the first place?
@chiraag-nataraj commented on GitHub (Jul 28, 2018):
Unix has this philosophy because it has (historically, anyway) resulted in smaller programs which can be easily reused to make larger programs or scripts or whatever. Basically, it becomes more flexible as a result, and the people who are making the programs in the first place don't necessarily have to think about every use case. https://en.wikipedia.org/wiki/Unix_philosophy