On Unix-esque systems, Mozilla Firefox stores a user's preferences, web history and stored passwords in a set of files that are readable and writable by that particular user.
This makes sense: when the user bob is running Firefox, these files need to be readable by bob in order for Firefox to access them. However, this also means that any malicious application Bob accidentally runs has access to this rather personal information as well.
So why wouldn't browsers like Firefox create a new user, with a random password, called something like firefox-bob, which would be the only user able to access these files?
Subsequently, the main firefox executable could be owned by firefox-bob, executable by bob, and have its setuid bit turned on.
It wouldn't surprise me if a similar system would also be possible under (recent versions of) Windows.
Of course such an approach would not be resistant against malware gaining root permissions or exploits within the browser itself. Still, I think utilising file permissions like this could significantly enhance the security of stored passwords or other private data.
Would this be a good idea? Or am I missing something? Are there practical issues with this approach?
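The two layouts the question compares (profile files owned by the login user versus owned by a dedicated firefox-bob account reached through a setuid binary) can be worked through with a small model of the classic Unix mode-bit access check. The following is an added example, not code from the question or from Firefox; the uids, gids and file modes are constructed values chosen to mirror the question's scenario, and the model deliberately covers only owner/group/other permission bits plus the setuid bit.

```python
import stat
from dataclasses import dataclass

# Constructed uids/gids for the question's scenario (hypothetical values).
BOB_UID, BOB_GID = 1000, 1000
FIREFOX_BOB_UID, FIREFOX_BOB_GID = 1001, 1001


@dataclass(frozen=True)
class FileMeta:
    owner_uid: int
    group_gid: int
    mode: int  # permission bits, e.g. 0o600 or 0o4755 (setuid + rwxr-xr-x)


@dataclass(frozen=True)
class Process:
    euid: int
    egid: int
    groups: frozenset = frozenset()  # supplementary groups


# Which mode bits grant each access kind for the owner / group / other classes.
_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def can_access(proc: Process, f: FileMeta, want: str) -> bool:
    """Classic Unix DAC decision: the owner class applies if the effective uid
    matches, else the group class if any group matches, else the other class.
    Root bypasses read/write checks; execute still needs at least one x bit."""
    usr, grp, oth = _BITS[want]
    if proc.euid == 0:
        return want != "x" or bool(f.mode & (usr | grp | oth))
    if proc.euid == f.owner_uid:
        return bool(f.mode & usr)
    if f.group_gid == proc.egid or f.group_gid in proc.groups:
        return bool(f.mode & grp)
    return bool(f.mode & oth)


def euid_after_exec(proc: Process, binary: FileMeta) -> int:
    """A setuid binary runs with the file owner's uid as its effective uid."""
    if binary.mode & stat.S_ISUID:
        return binary.owner_uid
    return proc.euid


def current_layout() -> dict:
    """Today: profile files belong to bob, so anything bob runs can read them."""
    profile = FileMeta(BOB_UID, BOB_GID, 0o600)
    malware = Process(BOB_UID, BOB_GID)  # any program bob happens to run
    return {"malware_reads_profile": can_access(malware, profile, "r")}


def proposed_layout() -> dict:
    """Question's proposal: profile owned by firefox-bob, firefox binary
    owned by firefox-bob with the setuid bit set and executable by bob."""
    profile = FileMeta(FIREFOX_BOB_UID, FIREFOX_BOB_GID, 0o600)
    firefox_bin = FileMeta(FIREFOX_BOB_UID, FIREFOX_BOB_GID, 0o4755)
    bob = Process(BOB_UID, BOB_GID)
    firefox = Process(euid_after_exec(bob, firefox_bin), BOB_GID)
    return {
        "bob_can_exec_firefox": can_access(bob, firefox_bin, "x"),
        "firefox_runs_as_firefox_bob": firefox.euid == FIREFOX_BOB_UID,
        "firefox_reads_profile": can_access(firefox, profile, "r"),
        "malware_reads_profile": can_access(bob, profile, "r"),
        # The caveat the question already states: root is not stopped by mode bits.
        "root_reads_profile": can_access(Process(0, 0), profile, "r"),
    }


if __name__ == "__main__":
    print("current:", current_layout())
    print("proposed:", proposed_layout())
```

The model shows the isolation the question is after: under the proposed layout a process running as plain bob gets no read access to the profile, while the setuid-launched browser does. It models only mode bits; POSIX ACLs, capabilities and MAC systems such as SELinux or AppArmor are outside it, and, as the question notes, code running as root or inside the browser process itself is not constrained by this scheme.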