Desktop in root mode with browser in guest mode: is it safe?

Technical issues/questions of an intermediate or advanced nature.
User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Desktop in root mode with browser in guest mode: is it safe?

Post#1 by francois » 20 Feb 2023, 13:28

I like working in a root mode environment, but prefer surfing on the internet in a safer way. To get google-chrome-stable running in guest mode while I am in root mode desktop I use:

Code: Select all

su -c google-chrome guest
Is there any security issue that I shoud be aware for doing this?

Thanks.
Prendre son temps, profiter de celui qui passe.

User avatar
Ed_P
Contributor
Contributor
Posts: 8341
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 5.01 ISO
Location: Western NY, USA

Desktop in root mode with browser in guest mode: is it safe?

Post#2 by Ed_P » 20 Feb 2023, 16:32

Can google-chrome download files to a root protected folder?
Ed

beny
Full of knowledge
Full of knowledge
Posts: 2086
Joined: 02 Jan 2011, 11:33
Location: italy

Desktop in root mode with browser in guest mode: is it safe?

Post#3 by beny » 20 Feb 2023, 17:18

Ed_P can you try --no-sandbox but is a trick too old for the new browser,but work for the root account

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Desktop in root mode with browser in guest mode: is it safe?

Post#4 by francois » 21 Feb 2023, 01:59

@Ed:
Google chrome guest mode will download into the guest account and nowhere else.

If you start thunar in guest mode, you will not be able to move a guest mode downloaded file from /home/guest/Downloads/ outside the /home/guest structure without resorting to root mode. (tested).

@beny:
https://no-sandbox.io/
When the sandbox is disabled using the flag option --no-sandbox, websites or rendered pages can potentially execute malicious Javascript based exploits on your computer.
Prendre son temps, profiter de celui qui passe.

Post Reply