Can Firefox break out of a jail

[Andreas Nilsson]

On Mon, May 5, 2014 at 1:58 PM, Erich Dollansky <erichsfreebsdlist at alogt.com
> wrote:

> Hi,
>
> I do some experimenting with jails at the moment on a FreeBSD 10.0
> machine. The jails are all setup manually according to the handbook and
> man jail. Each jail gets a name and an IP address. Individual ports are
> then installed via the ports tree.
>
> X is running on the host system. Telnet is used to connect to the jails.
>
> When I install now firefox in a jail and also in the host system, I get
> the following behaviour.
>
> Scene A
>
> Firefox runs already on the host system. I start then firefox inside
> the jail firefox. It all seems fine as long as I do not use the history
> or want to save the visited page. The jailed firefox sees then the
> history of the firefox running on the host.
>
> Scene B
>
> Firefox is first started inside the jail firefox. When then the host
> system also starts a firefox, this firefox sees now the history and the
> filesystem of the jailed firefox.
>
> Is it X that allows the jailed firefox to communicate directly with
> firefox running directly on the host?
>
> Is there then a way to secure the system?
>
> I have tried then programs like gedit or kate and saw only the
> behaviour I expected. Both programs either saw only resources from
> inside the jail or from outside but never resources from the other side
> of the fence.
>
> Erich
>

Firefox is a strange beast in regarads to running it on a remote host.

It needs to be started as firefox --no-remote to not find "local running"
instance and connect to it. How that happens I don't know...

Best regards
Andreas