The IronFox program
IronFox is firefox in a sandbox, or more correctly, an application shell script wrapper that starts firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.
The goal of the policy is to let the user browse the web without interfering, but still protect the users privacy and system integrity from vulnerabilities that may exist in firefox or its plugins. The only restrictions that Ironfox gives the user is that downloads and uploads may only recide in the users download directory, and that ironfox itself can not launch any other applications.
Our design philosophies behind the IronSuite tools
Ironfox is but one of the tools we have developed sandbox policies for. We have developed profiles for Adium, Thunderbird, Tweetdeck, Ventrilo, etc. To better describe how we have approached this, and what is going on behind the scenes, we have written a IronSuite Design philosophy document that we urge you as a user to read.
IronFox only works with Firefox 4.x, 3.6 and MacOSX 10.6 and 10.5. Version 0.8 introduced beta support for 10.5 . 10.4 does not support the kernel features required, therefor there will never be an ironfox release for tiger.
Support for Firefox 4 came in the 1.0 release
Installation instructions
Doubleclick the dmg file and drag IronFox to the Application folder. Please note - Firefox needs to be installed in /Applications otherwise it won't work. No Firefox binaries are shipped as part of the ironfox bundle.
Configuration instructions
As ironfox now is possible to config by users, a new page with configuration instructions is available. See Config
Releases and download instructions
downloads are also available over https.
prompt$ $ shasum -a 512 IronFox-1.2.dmg 316758cea02343fef36311872d1ca61c3279cc03155b96cf7c637a8efc4c4bd7a18e6fb0ebdaf7c2a083e4c3045df52f867790e8f137f6660fcfd4b2bbdd29be IronFox-1.2.dmg
Please verify the integrity of the package with the PGP signature: IronFox-1.2.dmg.asc
Changes for version 1.2
- Reduce the amount of iokits allowed from all to 9
- Add some additional mach ports to prevent crashes
- Better policy for metadata reads
prompt$ shasum -a 512 IronFox-1.1.dmg a5854792dc1caad595f66fe9b4fc6a59a6d06a652db1587d8329eaf2ec9bfaaffdfd8eb71b5cb989ca6b324c0d7bfc12098cbc0baaa7494af8503671d4247cfb IronFox-1.1.dmg
Please verify the integrity of the package with the PGP signature: IronFox-1.1.dmg.asc
Changes for version 1.1
- Support for Lion, finally!
- Faster startup with new launcher (no more platypus)
- Add new pluginpath for each osx-release
prompt$ shasum -a 512 IronFox-1.0.2.dmg 355c7d69dc1aea6cd710a3a1d9c48ce8f545b338fa35a809ccdb39c0ab16bef9abb6fa58513b1072c61fcf1ce109b7c3f7368fa56feb4d7e9f143d85a988dda1 IronFox-1.0.2.dmg
Changes for version 1.0.2
- Don't assume homedirs are in /Users
Changes for version 1.0.1 (no public release)
- Fix 10.5 policy to work with firefox 4
- Fix start script to strip comments to avoid 16k sb limit
prompt$ shasum -a 512 IronFox-1.0.dmg 2ded8f0bac4b25489caea17eed00484b48d34dd744379d4427c64e586883c6767cdc30a28c98a99d42f30c3c51f8132ed234958ef6de868573b220800eca9e1a IronFox-1.0.dmg
New features in the 1.0 version
- Support for Firefox4
- Support for nexus personal BankID
prompt$ shasum -a 512 IronFox-0.8.3.dmg 8f629641bcb25b4165568fc4cf455c5721067f1cdbc0dba4504f145aa36fcc38b9cf10f275c2bf9385d6b730656a445ee1c209ae1280f4779364767c2f1844d6 IronFox-0.8.3.dmg
New features in the 0.8.3 version
- Unbreak flash
- Ironsettings have a different release schedule, removed from package.
prompt$ shasum -a 512 IronFox-0.8.2.dmg 674e37d646f9e73c3e3de07570d781f5ac685cf7af7aafaf9e94a7c9caf4ffb40bf03aaab99cbd53872408df92b84a6136d4c2923d2f5feafe02b98f21313d01 IronFox-0.8.2.dmg
New features in the 0.8.2 version
- Added update scripts for firefox and ironfox (beta)
- Fix writedirs to actually work (still a bit buggy)
- Hardened policy to prevent viewing of files in user homedir
- Graphical config tool is now available in the installer
downloads are also available over https.
prompt$ shasum -a 512 IronFox-0.8.1.dmg 901c4a22a8bfb52d9c32b103a5fbcb05584f3e8504c4fd0c69a908f91d068f8f6bf5e9217ea6ada7318114bcc162f735c9d60f40e35c2ccd6e9024de82426352 IronFox-0.8.1.dmg
New features in the 0.8.1 version
- Fixed a logic error that prevented startup on MacOSX 10.5 leopard
prompt$ shasum -a 512 IronFox-0.8.0.dmg 3ab15998a56566c82cc61ada407156430eff6bb55de83832f6da792a8989a9886fdbd7a57fee947d303c526c339c2b42ff1550fdf496b3d09e9c3e304c7efc7f IronFox-0.8.0.dmg
New features in the 0.8.0 version
- unbreak flash (latest flash uses adobe instead of macromedia in some paths)
- Rewritten startup in perl. should be faster
- Added writeable_dirs_file to config file to allow users to whitelist their own directories.
- Added initial support for MacOSX 10.5 Leopard - Testers wanted!
- Added initial plugin support for MacOSX 10.5 Leopard - Testers wanted!
- Added function for friendly errors.
- Added blacklist for certain dirs, trying to help users from shooting themselfs in the foot.
- 10.6 compability fix for 10.5
IronFox-0.7.1.dmg and GPG signature file IronFox-0.7.1.dmg.sig
prompt$ shasum -a 512 IronFox-0.7.1.dmg c26f29fafa6f4d36ee17b28f8f657f273828124ea54e45d24e37b7c82bf6b9ad75577823fffdff5e6ee8889fd62a2efb90e2a88044f28e4b603bdf10ff1bcb74 IronFox-0.7.1.dmg
This release includes several fixes and features from earlier internal releases.
New features in the 0.7.1 version
- Added support for drag and drop of objects to and from ff via plugin
- FF will now only load whitelisted plugin
- Added support for Userconfig. Users non-specified entries will be disabled
- updated myyesno function to also take $i, for more sensible error messages.
- Making certain font info user modifiable
- Added plugin for colorprofiles
- Added plugin for MDS
- debug now allows crashreporter to run (still very restricted)
- IronFox have a proper installer now
- Updated error handling to actually exit when things go wrong
New features added in the 0.7 version
- Addition of an IronFox.config in /Applications/IronFox.app/Contents/Resources changes to that file can turn on/off features for the user
- Lots of more checks for a more stable execution
- Rewrote startup to support plugins
- download dir, flash, java, debug and kerberos are now easy to config
- renamed readme.txt and changelog.txt to be consistent with IronAdium distribution
New features added in the 0.6.3 version
- Fixed a bug in the kerberos module that made kerberos non-functional
ironfox-0.6.2.tar.gz and GPG signature file ironfox-0.6.2.tar.gz.sig
promt$ shasum -a 512 ironfox-0.6.2.tar.gz 6234300f7118230f7b3b9be6360dac49f25dcc3f5b47358f312b995b506a94547413eba14cad15d35da1a6b638a21d4f22e6543d1c85c3b850665fee57668b1d ironfox-0.6.2.tar.gz
Looking for older stuff? See the historical page.
Release information / Changelog
New features in the 0.6.2 release
- First release signed with ROMAB software signing GPG key
- Fixed some log in vain issues
- hopefully fixed an issue with /var/folders
New features in the 0.6.1 release
- it works.
New features in the 0.6 release
changes from 0.6
- Policy is cleaned up. ( 172 policy lines from 214)
- Netstat is allowed execution from policy. Likely a bug in NSS. See https://bugzilla.mozilla.org/show_bug.cgi?id=444359, http://mxr.mozilla.org/security/source/security/nss/lib/freebl/unix_rand.c#981
- Color profiles are now allowed. btw - thnx to impact.
- Log messages for file-read-metadata have been silenced
- License header now in place for all files. (Two clause BSD, yayh! )
- Improved documentation
New features in the 0.5 release
-IronFox support for kerberos/spnego
-IronFox support for the propriatry 1passwd plugin
-No more double icons (ie, no longer both ff and ironfox)
-IronFox now shutsdown when ff-ironfox is shutdown
-The new release will clean up in the /var/folder directory after it has started
Bug reports, questions, comments, shoutouts, etc
We would appreciate any feedback. Please contact us by sending e-mail to: ironsuite AT romab.com