Firefox is scheduled to be released tomorrow, with that comes a new improvement to the browser's sandbox security feature for the Linux community.
Here's will it will help in the content process, this is the place that renders the web pages from the internet and executes javaScrip code. This will now be sandboxed from reading large parts of the filesystem, but it could read libraries, config, themes and fonts. One thing to take note is that permissions will no longer be given to it to read private information in the home directory or a profile.
The web rendering process will still allow it to read from the filesystem since it is still integrated with the GTK user interface.
new features in Config Options
You still have to be careful using Linux as config of the system can still break things if this is not set up right. There are new parameters in the fireFox about:Config configuration panel, you can customize this in situations when web pages wont display as they did previously before the update to fireFox 57.
The sandbox security content level
You can disable the sandbox when set to 0. This parameter has 3 values when you enable the sandbox:
| Job Level | What's blocked by the Sanbox? |
|---|---|
| Level 1 | Many syscalls, including process creation |
| Level 2 | a. Many syscalls, including process creation |
b. Write access to the files system</br>
- Excludes shared memory, tempdir, video hardware</br>
Level 3 | Everything listed above with the addition of read access to most hte filesystem
- Exlcudes themes/GTK config, fonts, shared data & libraries.
read_path_whitelist
This parameter adds new directory paths, make sure the directory contains libraries and nothing more to prevent security issues.
write_path_whitelist
This allows you to decide what folder fireFox can write data to.
syscall_whitelist
You can whitelist previously blocked system calls.
And even better NSA backdoor.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit