I don't trust Firefox very much. I don't want it to be able to read or write files in my home directory. A very simple and not at all complete sandbox is to run Firefox as another user but still use your display. Here's one way to do it.
My user, mc, and the Firefox user mcff are both members of the same Unix group, also called mcff.
When logged in as mc I start Firefox with a script I call fireweb:
#! /bin/sh
# Runs as mc. Hand the X authority cookie for our display to mcff, then
# start the real Firefox as mcff and remove the cookie file afterwards.
umask 027                        # new files: owner rw, group r, others nothing
# Fixed, predictable name in /tmp; a mktemp-generated name would be safer.
xauth extract - "$DISPLAY" > /tmp/foo.txt
chgrp mcff /tmp/foo.txt          # mc and mcff share the group mcff
su -l mcff -c "/home/mcff/bin/fireweb $DISPLAY"
rm -f /tmp/foo.txt
The mcff user has his own fireweb script, which I have placed in /home/mcff/bin/fireweb as per the script above. It looks like this:
#! /bin/sh
# Runs as mcff; invoked by mc's fireweb with the display name as $1.
xauth merge /tmp/foo.txt         # import mc's cookie into mcff's own .Xauthority
export DISPLAY="$1"
firefox &
That's it. When I invoke fireweb as mc, the actual Firefox process runs as the mcff user, with mcff's permissions. If I have set the permissions of my home directory so that mcff can't read the files, then neither should Firefox be able to read them.
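As an added example (not the original post's code), the same idea folded into a single script with two hardening changes: the X cookie travels over a pipe into su instead of through a fixed file in /tmp, and the script refuses to start unless the home directory is actually closed to the Firefox user. The user names mc and mcff are the post's; the FFUSER variable and the function names are my own.

```sh
#! /bin/sh
# Single-script fireweb (added example, not the original post's code).
# Runs as mc; starts Firefox as $FFUSER (mcff in the post) on our display.
# Instead of writing the X cookie to a fixed /tmp/foo.txt, "xauth extract -"
# writes it to stdout and "xauth merge -" reads it from stdin on the far
# side of su, so no shared temporary file exists at all.
FFUSER=${FFUSER:-mcff}

# home_is_private DIR GROUP: succeed only if DIR has no "other" bits and
# either no group bits or a group other than GROUP. Because mc and mcff
# share the group mcff, a home directory that is group-owned by mcff and
# group-readable would quietly defeat the sandbox; the check catches that.
home_is_private() {
    dir=$1 grp=$2
    set -- $(ls -ld -- "$dir")            # $1 = mode string, $4 = group name
    other=$(printf %s "$1" | cut -c8-10)  # rwx bits for "other"
    group=$(printf %s "$1" | cut -c5-7)   # rwx bits for the group
    [ "$other" = "---" ] || return 1
    [ "$group" = "---" ] || [ "$4" != "$grp" ]
}

# valid_display STR: accept only things that look like an X display
# (":0", "localhost:10.0", "host/unix:0"), since $DISPLAY is later placed
# inside the command string handed to su -c.
valid_display() {
    case "$1" in
        "" | *[!A-Za-z0-9./:_-]*) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;
    esac
}

fireweb_main() {
    if ! valid_display "${DISPLAY-}"; then
        echo "fireweb: DISPLAY is unset or malformed" >&2; exit 1
    fi
    if ! home_is_private "$HOME" "$FFUSER"; then
        echo "fireweb: $HOME is readable by $FFUSER; fix its mode first" >&2; exit 1
    fi
    xauth extract - "$DISPLAY" |
      su -l "$FFUSER" -c "xauth merge - && DISPLAY=$DISPLAY exec firefox"
}

# Run only when invoked as the fireweb command itself.
if [ "$(basename -- "$0")" = fireweb ]; then
    fireweb_main "$@"
fi
```

Save it as fireweb somewhere on mc's PATH; the mcff side needs no script of its own, only a login shell and xauth.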
Please note that if you have special configurations such as .fonts.conf and .gtkrc-2.0, you want to copy them to the Firefox user's home directory as well.
Of course, if you want to keep your Firefox settings you will also have to copy the .mozilla directory to ~mcff.
This text was originally part of a Swedish blog post from October 2010, Firefox som annan användare. It was inspired by a conversation with Martin “cosis” Samuelsson.
Last updated: <2012-02-23 07:58:27 MET>