Enhancing Browser Protection with Sandfox

In my own infrastructure, I use Sandfox to enhance my web browsing security. This is a Linux and OSX tool that creates a secure chroot, to ensure that even if your browser is compromised, it cannot access critical files. While I use it with Firefox, in theory it can be used to sandbox any application.

Before I do anything, I create a limited user who will only be used for web browsing. You should have pwgen installed before running this command or replace that part of the command with another long, randomly generated password. You should never log into this account.

# For the rest of this tutorial, that user's 
# name will be "USERNAME-sandbox".
useradd -m -p `pwgen -sy 30 1` "`whoami`-sandbox"

Once you have done that, you may initialize the sandbox.

# Create a Firefox sandbox but don't start Firefox
sudo sandfox --profile=firefox

For instance, I have mine configured to only have access to a specific downloads directory. That way you can control where any file goes, and ensure it does not just end up in your home directory where it could do more damage if exploited. Remember to ensure that the sandboxed account has write permission and your user account at least has read permissions to this folder.

# Add an additional bind to an existing sandbox named "firefox"
sudo sandfox --sandbox=firefox --bind /location/of/download/directory
# Force update of the firefox sandbox after editing its profile
# to add new binds.  (missing binds will be added, but existing
# binds will NOT be removed)
sudo sandfox --sandbox=firefox --make

Once that is configured, I alias firefox in my profile to ensure that whenever I launch it, the sandbox will be created. You should change the file modified to reflect what shell you use, I use zsh. Also ensure that you modify the alias to use the correct username, generated in the first step.

alias firefox=gksudo sandfox --profile=firefox --user=USERNAME-sandbox /usr/bin/firefox

This adds another layer of protection, although it is not insurmountable to an attacker. Anything you allow write access to can potentially be modified by a successful attacker. Sandboxing can work in Windows as well, although I have not used any of the options available and therefore cannot make any recommendations.