Given the likelihood of any given browser being affected by remote code execution flaws, the number of these types of flaws, and the wide attack surface (nearly every web site should be considered untrustworthy in this context) it is advised to never run a web browser as the root user. Last edited by Scorpion on 14:40, edited 2 times in total. if 'id -u' -eq 0 then complain 'The Tor Browser Bundle should not be run as root. Run as root and the browser has access to the entire system. So, when you see guides or tutorials on how to run the Tor Browser on Kali and it involves editing the actual sktop file to REMOVE the root user check. The Tor Browser Bundle should not be run as root. Run as a user and the browser has access to all the user files. This access could potentially extend beyond the system where the code was executed. 8 Next OscarTalks Posts: 2196 Joined: Mon, 00:58 Location: London, England Tor Browser Bundle by OscarTalks Fri, 03:29 For more information:- Quite useful for anonymous web-browsing and for viewing blocked websites. Depending on the level of access of the user running the web browser, the executed code potentially has access to whatever data the user has access to. 'The Tor Browser Bundle Should not run at root user, Exiting. When an attack happens, code from the remote web server, or the injected code, is executed on the local computer. These vulnerabilities are exploited by remote code hosted on other websites or by a MITM injection of code. Most security advisories for the Firefox web browser include patches to correct vulnerabilities for remote code execution. In this article we'll discuss the vulnerabilities and attack surface when running a web browser as root. Doing so opens your computing environment up to possible attack from outside sources. Running a web browser as root is generally a bad idea. There is good article on RHEL doc " Running a web browser as root" to understand the risks of runing a web browser as root:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |