On 7/12/24 19:09, o1bigtenor via Dng wrote:
[snip]
> Is there a way for me (besides not using web browsers) of limiting the
> access of javascript into my system?
Yes, there are several plug-ins for your browsers such as NoScript which
will limit the presence of javascript. NoScript is available via your
browser's plug-in component.
But the control ends there. If you'd like more limitations on the
browser's access to the file system then you'd need to look at AppArmor.
It is in the Devuan repository. See:
+ apparmor - user-space parser utility for AppArmor
+ apparmor-utils - utilities for controlling AppArmor
AppArmor can offer a bit of fine-grained access control to the file
system but its network developments (although once promised) have
stalled long ago. Thus networking remains all-or-nothing in AppArmor.
The default AppArmor profiles are generally so loose as to be
functionally useless, so you'll have to write your own. Building an
AppArmor profile takes quite a bit of debugging and in particular
running the target program through as many situations and activities as
possible while AppArmor is in complain mode. Then once there are no
more log messages in complain mode, throw the switch and set it for
enforce mode.
More details available.
> (It seems to me that browsers are today's trojan horses!!)
Yes. They are currently being abused as inefficient, wasteful, insecure
virtual machines to run unauthenticated, very inefficient, insecure, and
wasteful code of unknown provenance. In other words, too many sites are
now 'web apps' and have nothing to do with the WWW except the abuse of
the HTTP(S) protocol. Combine that with the failed security, including
cheating-induced bugs (i.e. through speculative execution), in the x86
architecture and you have a right proper mess.
"Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript"
https://arxiv.org/abs/1507.06955
/Lars
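
The complain-mode workflow described in the message above, as an added example that is not part of the original post: a shell check that summarises which file accesses a profile is still logging as `ALLOWED` and reports whether the log has gone quiet. The profile name `firefox-esr`, the paths and the audit lines are constructed sample data; on a real system the input would be the kernel or audit log.

```shell
#!/bin/sh
# Added example. In complain mode AppArmor logs would-be denials as
# apparmor="ALLOWED"; aa-complain / aa-enforce (apparmor-utils) switch modes.

# Write constructed sample audit lines to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1720800000.101:201): apparmor="ALLOWED" operation="open" profile="firefox-esr" name="/home/user/.mozilla/firefox/profiles.ini" pid=4100 comm="firefox-esr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1720800007.442:215): apparmor="ALLOWED" operation="open" profile="firefox-esr" name="/home/user/.mozilla/firefox/profiles.ini" pid=4100 comm="firefox-esr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1720800012.910:230): apparmor="ALLOWED" operation="mknod" profile="firefox-esr" name="/home/user/Downloads/report.pdf" pid=4100 comm="firefox-esr" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1720800020.003:244): apparmor="ALLOWED" operation="open" profile="evince" name="/etc/passwd" pid=4322 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
EOF
}

# Print unique "operation mask path" lines for file events that profile $1
# logged as ALLOWED in log file $2. Events without a name= field are skipped.
complain_events() {
    grep -F 'apparmor="ALLOWED"' "$2" | grep -F "profile=\"$1\"" |
    sed -n 's/.*operation="\([^"]*\)".* name="\([^"]*\)".*requested_mask="\([^"]*\)".*/\1 \3 \2/p' |
    sort -u
}

# Succeed only when profile $1 has no complain-mode events left in log $2,
# i.e. the point at which switching to enforce mode can be considered.
ready_to_enforce() {
    [ -z "$(complain_events "$1" "$2")" ]
}

log=$(mktemp)
write_sample_log "$log"
echo "Complain-mode file events still logged for firefox-esr:"
complain_events firefox-esr "$log"
if ready_to_enforce firefox-esr "$log"; then
    echo "Log is quiet for this profile."
else
    echo "Profile still needs rules; keep exercising the program in complain mode."
fi
rm -f "$log"
```

Each distinct line in the output is a candidate rule to review and add to the profile before re-running the program.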