Safari is not a 100% secure browser either; Pwn2Own just demonstrated that again. But neither is any other browser, there will always be zero-day exploits. Google's Chrome did not get exploited in the contest. Why? Well, one reason is that it uses sandboxing.
But we love Safari, because it's Cocoa and feels like a real Mac app and stuff, right? So let's just make Safari more secure. Luckily Leopard provides a way to do this: it's called sandbox-exec(1).
This mini-project just uses Leopard's bundled tools to ensure Safari can't execute other programs or write to files anywhere on the file system where it is not supposed to write, and this gives you far more protection against exploits than an out-of-the-box Safari has.
Even if an attacker gets into the Safari process, he will not be able to spawn another process from it or write to critical file system paths to install something permanent on your system. This doesn't protect against all attack vectors, but it does against the more common ones.
All this is based on what I found in wishi's blog post.
- Grab the tarball from GitHub
curl -L http://github.com/torsten/sandboxed-safari/tarball/master > sandboxed-safari.tgz
tar vxzf sandboxed-safari.tgz
- Switch to the extracted directory
- Run the customize.rb script
ruby customize.rb
This will patch the policy file and the wrapper script with the locations of the files on your Mac. You can also customize the two files on your own (it's not much work), but just using the script is far more convenient.
- Move all files to their proper locations
mv /Applications/Safari.app/Contents/MacOS/Safari /Applications/Safari.app/Contents/MacOS/Safari.orig
cp sandboxed-safari.sh /Applications/Safari.app/Contents/MacOS/Safari
cp safari-policy.sb /Applications/Safari.app/Contents/MacOS/
- After this, restart Safari and try to download a file. If you can't save it to your home directory (only to ~/Downloads/), everything is working.
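To show what the policy file and the wrapper script actually contain, here is an added example (not the files from the sandboxed-safari tarball or from wishi's post): a small POSIX shell script that generates a policy of the kind described above, which denies process execution and all writes except to a few paths, plus the matching launcher. The profile syntax and the list of write-allowed paths are assumptions based on Leopard-era profiles in /usr/share/sandbox/, so compare against your own system before using it.

```shell
#!/bin/sh
# Added example; policy syntax and allowed paths are assumptions, not the project's own files.

# Escape "." in a path so it can be embedded in a (regex #"...") filter.
regex_escape() {
  printf '%s' "$1" | sed 's/[.]/\\./g'
}

# gen_policy HOME_DIR -> prints a sandbox-exec(1) profile to stdout.
gen_policy() {
  home=$(regex_escape "$1")
  cat <<EOF
(version 1)
(allow default)
; No child processes: a compromised Safari cannot launch a dropper or a shell.
(deny process-exec)
; No writes at all, then re-open the few places Safari needs (later rules win).
(deny file-write*)
(allow file-write* (regex #"^${home}/Downloads/"))
(allow file-write* (regex #"^${home}/Library/Safari/"))
(allow file-write* (regex #"^${home}/Library/Caches/"))
(allow file-write* (regex #"^${home}/Library/Preferences/"))
(allow file-write* (regex #"^${home}/Library/Cookies/"))
(allow file-write* (regex #"^(/private)?/tmp/"))
EOF
}

# gen_wrapper POLICY_PATH ORIG_BINARY -> prints the script that replaces the Safari binary.
gen_wrapper() {
  cat <<EOF
#!/bin/sh
exec /usr/bin/sandbox-exec -f "$1" "$2" "\$@"
EOF
}

# Sanity check usable on any Unix: does a generated policy really forbid exec?
policy_denies_exec() {
  printf '%s\n' "$1" | grep -qF '(deny process-exec)'
}

# Usage on the Mac (commented out so the script is safe to source):
#   gen_policy "$HOME" > safari-policy.sb
#   gen_wrapper /Applications/Safari.app/Contents/MacOS/safari-policy.sb \
#       /Applications/Safari.app/Contents/MacOS/Safari.orig > sandboxed-safari.sh
```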
To undo the change and get the original Safari back:
- Rename the original Safari executable
mv /Applications/Safari.app/Contents/MacOS/Safari.orig /Applications/Safari.app/Contents/MacOS/Safari
- Delete the policy file
I just tested it with Safari 3.2.1 (5525.27.1); I don't know how the 4.0 beta reacts to this.
In its current configuration it is not possible to download files to anywhere other than ~/Downloads/. If you want this feature you can just add the line
To the other write-allowed paths.
Also, Sogudi's man: URLs will not work anymore because Safari can no longer execute external processes (whoops). You can probably change this by adjusting the policy file as well; I just have not put any effort into it yet.
I did not encounter any other limitations or places where Safari offers fewer features.