this post was submitted on 02 Jun 2024
47 points (88.5% liked)


Currently doing a fix of the code, wait for the 0.2 release!

Thunderbird is great, but very complex and possibly insecure and not private.

Threat model is an important keyword here. Imagine you would write mails over Tor/Tails only and need a secure mail client.

(Btw I can recommend Carburetor Flatpak for that).

Because of this, the Thunderbird hardening user.js, similar to the Arkenfox project, exists.

But it is a bit too strict for most threat models. Also settings might change or break, and this has no automatic updating mechanism.

(I should upstream the updater)

The user.js is also just a template, so a ton of mostly not needed configs will stay there.

This project makes the setup of the hardening user.js easy.

Once set up, the script is placed in ~/.local/bin and a user systemd service runs it every once in a while.

You can comment out lines if you want to keep certain settings.

[–] boredsquirrel 1 points 5 months ago (1 children)

Found a new issue, fail-safeness.

This is a set of changes that may not be needed anymore, if things change.

I tried it with a file, and if one of these commands fails, the whole command seems to fail.

So if a single setting is removed, this means the whole script would fail.

[–] thingsiplay@beehaw.org 2 points 5 months ago (1 children)

I see. Indeed, if this is the way you want to proceed, having individual commands is more appropriate. But the thing is, if something fails, then isn't it better to fail the entire script, instead of proceeding silently without the failure being noticed? It depends, in some cases this can be the desired behavior.

[–] boredsquirrel 0 points 5 months ago (1 children)

Hm, kinda bad.

I could just add a GUI error message and get tons of bug reports, needing a fix.

[–] thingsiplay@beehaw.org 1 points 5 months ago (1 children)

Hey, I'm not trying to convince you, just wanted to mention something more to think about. Sometimes fail-safeness is truly the better way. But is it in this case too? I mean, if the script fails at once with a single sed command, then it means the file is not manipulated. If you have a bunch of sed commands and one or two fail, then you have maybe 90% successful commands and a few that did not work. That means the script edited the file into a state that was not intended. However, if it is a single command and fails all at once, at least the file is preserved as it is.

I don't know enough about this project to know what's important and appropriate in your case. I mean, if it's okay that commands "fail", then keep it this way.

[–] boredsquirrel 2 points 5 months ago

In this specific case it is not how this works.

It modifies lines searching for unique strings. If the string is not found, then it was maybe removed.

(The user.js handles removals normally by commenting things out, so I might actually use a single command).

If something was not found then it doesn't need to be changed, everything is fine.

The result is a user.js from a good template, with all the settings applied that I knew. Maybe something new was added and that is unchanged.

The alternative would be not updating the config at all, which means no response to Mozilla adding weird stuff to it.

Firefox is a more moving target here.

I will implement a persistent GUI error message if something failed.
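
Added example, not part of the thread and not the project's own script: one way to get both properties discussed above, where a setting that is no longer found is skipped and reported, while the live user.js is only ever replaced by a single rename and so is never left half-edited. The function names, the `pref=value` overrides format and the `example.*` prefs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's script; names and prefs are constructed.
# apply_overrides TEMPLATE OUTPUT OVERRIDES
#   OVERRIDES holds one "pref.name=value" per line. Every edit is made on a
#   temp copy of TEMPLATE; OUTPUT is only replaced by the final rename, so a
#   failure never leaves a half-edited user.js. Prefs with no active
#   user_pref() line (removed or commented out) are skipped and listed in
#   $MISSING instead of aborting the run.
apply_overrides() {
    template=$1; output=$2; overrides=$3; MISSING=""
    tmp=$(mktemp "$output.XXXXXX") || return 2
    cp "$template" "$tmp" || { rm -f "$tmp"; return 2; }
    while IFS='=' read -r pref value; do
        [ -n "$pref" ] || continue
        pat=$(printf '%s' "$pref" | sed 's/\./\\./g')        # literal dots
        val=$(printf '%s' "$value" | sed 's/[&|\\]/\\&/g')   # safe replacement
        if grep -q "^user_pref(\"$pat\"," "$tmp"; then
            sed "s|^user_pref(\"$pat\",.*|user_pref(\"$pref\", $val);|" \
                "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp" \
                || { rm -f "$tmp" "$tmp.new"; return 2; }
        else
            MISSING="$MISSING $pref"
        fi
    done < "$overrides"
    mv "$tmp" "$output"
}

# Constructed sample: one active pref, one commented out, one absent.
make_sample() {
    cat > "$1/template.js" <<'EOF'
user_pref("example.telemetry.enabled", false);
// user_pref("example.old.setting", 1);
user_pref("example.remote.content", 0);
EOF
    cat > "$1/overrides.txt" <<'EOF'
example.remote.content=1
example.old.setting=2
example.gone.setting=true
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
apply_overrides "$dir/template.js" "$dir/user.js" "$dir/overrides.txt"
echo "exit=$? not found:$MISSING"
cat "$dir/user.js"
rm -rf "$dir"
```

A non-empty `$MISSING` is the natural trigger for the persistent error message mentioned in the last comment, while a non-zero return means the existing user.js was left untouched.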