The IronFox program
IronFox is firefox in a sandbox, or more correctly, an application shell script wrapper that starts firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.
The goal of the policy is to let the user browse the web without interfering, but still protect the users privacy and system integrity from vulnerabilities that may exist in firefox or its plugins. The only restrictions that Ironfox gives the user is that downloads and uploads may only recide in the users download directory, and that ironfox itself can not launch any other applications.
Our design philosophies behind the IronSuite tools
Ironfox is but one of the tools we have developed sandbox policies for. We have developed profiles for Adium, Thunderbird, Tweetdeck, Ventrilo, etc. To better describe how we have approached this, and what is going on behind the scenes, we have written a IronSuite Design philosophy document that we urge you as a user to read.
IronFox is usually only tested with the latest firefox, and we try to maintain support for MacOSX 10.6 to 10.8. In general, ironfox should work with any decently modern version of firefox, but you should for your own sake keep firefox updated, and of course also plugins, such as flash.
Installation instructions
Doubleclick the dmg file and drag IronFox to the Application folder. Please note - Firefox needs to be installed in /Applications otherwise it won't work. No Firefox binaries are shipped as part of the ironfox bundle.
Configuration instructions
As ironfox now is possible to config by users, a new page with configuration instructions is available. See Config
Maverick beta
- Beta release with initial mavericks support
- Still backwards compat with all previous releases.
In addition the never officially released 1.4 have the following changes
- Fixed annoying bug that prevented startup on 10.6 snowleopard
- removed plugins not used (snagit, 1passwd, nexus)
- Changed allowd ipc-posix-shm from all to whitelist
- Updated startscript to handle uid in shm segments
- Removed job-creation
- Removed netstat exec privs, (libnss bug 511515)
- Removed fork unless plugin-container is involved
- Signals can now only be sent to children (only allowed with plugin container)
- Removed system-socket unless plugin-container is involved
- Removed redundant rules
Releases and download instructions
prompt$ $ shasum -a 512 IronFox-1.3.dmg b29cdb4226ac1477d3f421930077af5a621e36589bb1fabcc36d0e48142232990965e09c3299bcd13b1e3fecfb1dcfc4b8b8e7373cfbdf4de53a5c920cba81dd IronFox-1.3.dmg
Please verify the integrity of the package with the PGP signature: IronFox-1.3.dmg.asc
Changes for version 1.3
- Significantly harden policy, remove potential attack vectors.
- No IOkits allowed default, only added if you need flash or fullscreen.
- Flash no longer allowed default
- Add support for MacOSX 10.8
- Drop support for MacOSX 10.5
- Add support for Retina displays
- Update icons to look decent on retina screens.
- Reduced allowed IPC services default from 38 to 17
IronFox 1.3 took way too long time to get released. A later blogpost will explain why this is the case, and will be linked from here. We will also move to a public git after som clean up of the build process.
This Binary is also signed with a macosx developer key. To verify the signature, use the following command:
codesign --display --verbose=4 /Applications/IronFox.app
You should get the following output:
Executable=/Applications/IronFox.app/Contents/MacOS/IronFox Identifier=com.romab.IronFox Format=bundle with Mach-O thin (x86_64) CodeDirectory v=20100 size=186 flags=0x0(none) hashes=3+3 location=embedded Hash type=sha1 size=20 CDHash=f13251fa57d4eda5e2c0528fb94b3fb6e5f00ab3 Signature size=8524 Authority=Developer ID Application: Robert Malmgren AB/ Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Jan 29, 2013 9:36:42 AM Info.plist entries=19 Sealed Resources rules=4 files=53 Internal requirements count=1 size=180
If the signatur does not match, the following will be displayed:
/Applications/IronFox.app: invalid signature (code or signature have been modified)
WARNING: All versions prior to 1.3 are to be considered deprecated and should not be used. If there are issues with 1.3, report a bug. Do not go back to an earlier release.
Looking for older stuff? See the historical page.
Bug reports, questions, comments, shoutouts, etc
We would appreciate any feedback. Please contact us by sending e-mail to: ironsuite AT romab.com