Mitigating exploited software with firejail

[chan] bitmessage
Feb 18 01:45 [raw]

This firejail script sandboxes python application to have access only to necessary folders. All other folders on system are inaccessible. Of course the directory paths must be changed to reflect the location of your bitmessage files. This will prevent exploits and zero days from getting access to the filesystem outside your bitmessage folders. Perhaps a python guru would like to post a short virtualenv script that would mesh with this firejail to provide extra security? First copy the source directory from PyBitmessage/src to a sandbox directory. Then in the sandbox copy, remove everything above the /src/ directory in /PyBitmessage/ since only /src/ files are needed to run PyBitmessage. Removing these files in the parent directory lessens attack surface. Instead of running bitmessage directly, run it with this firejail script which sandboxes it very securely. ================== startbitmessage.sh ================== cd ~/sandbox/PyBitmessage/src firejail --noprofile --whitelist=/home/scripts/.config/PyBitmessage/ --whitelist=/home/scripts/sandbox/PyBitmessage/ python2 /home/scripts/sandbox/PyBitmessage/src/bitmessagemain.py

[chan] Crypto-Anarchist Federation
BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v

Subject Last Count
Free Git Replacement Jun 21 08:46 15
AES sucks Jun 21 06:47 5
KASPERSKY INTERNET SECURITY 2013-2019 - 366 DAYS FOR (WINDOWS, MAC, ANDROID) ACTIVATION CODES SALE. Jun 20 09:32 2
Mr. Burgess Jun 18 18:50 1
So-called "hacktivists" play an unwitting role in helping the NSA Jun 17 17:15 2
Самое педерастическое и лживое место в БМ это каналы серии "ru.politics", "ru.alt.politics", и "ru.alt-... .politics" под любым номером Jun 14 15:49 1
Самое педерастическое и лживое место в БМ это каналы серии ru.politics, ru.alt.politics, а также с любым номером в ru.alt-... .poli Jun 14 11:37 1
Самое педерастическое и лживое место в БМ это каналы ru.politics, ru.alt.politics, ru.alt-1.politics, ru.alt-2.politics, ru.alt-3.politics Jun 13 20:25 1
Самое педерастическое и лживое место в БМ это каналы: ru.politics, ru.alt.politics, ru.alt-1.politics Jun 13 19:09 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics => The most fucking-gay and false place in BM is the channels ru.politic Jun 13 15:58 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics Jun 13 11:52 1
FIDO Jun 9 16:02 1
fast encryption/decryption routine using group summing method Jun 9 10:59 1
NIST key management guidelines suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys… Jun 5 20:12 3
Paris Crypto-Anarchist Meetup #4 Jun 4 21:09 8
Spies win right to keep monitoring all traffic at world's biggest internet hub Jun 2 11:50 1
Searching for specific interactive virus encyclopedia Jun 1 14:48 1
TRUE LOVE May 31 21:49 4
PyBitmessage Security Scan on Branch v0.6 May 31 13:56 18
What is secure? May 31 11:55 1
REAL security experts endorse "security by obscurity" May 31 11:50 2
MEET ME ON THE DARK WEB May 31 07:11 1
persistence pays May 31 06:13 1
Anyone interested in some Sex in Germany? -DM May 29 05:07 5
A Message From Our Business to the Government May 29 03:36 1
hi May 28 20:16 2
look closely May 27 04:20 1
NSA Project Stellar Wind - Nine States of Civilization May 26 03:44 1
NSA boss Maureen Baginski reportedly said “9/11 was a gift to the NSA" (video) May 26 03:29 1