Rob Austein b7434629d7 Icky hack | 5 yıl önce | |
---|---|---|
.dockerignore | 5 yıl önce | |
.gitignore | 5 yıl önce | |
Dockerfile | 5 yıl önce | |
Makefile | 5 yıl önce | |
README.md | 5 yıl önce | |
create.sh | 5 yıl önce | |
icewm.menu | 5 yıl önce | |
ratpoisonrc | 5 yıl önce | |
run.sh | 5 yıl önce | |
startup.sh | 5 yıl önce |
Waterfox running under Xvnc inside a Docker container, a demented tool to solve a demented problem.
Occasionally one needs to run dangerous code in a web brower, eg, some dodgy Java app which is the only available interface to some critical resource. Running this in one's normal web browser is a bad idea.
So what one really wants here is a burner web browser. Here you go.
See create.sh
and run.sh
for ways one might use the image.
Something along the lines of the run.sh
formulation might work well
as the command portion of a tunneling ssh -L 5900:127.0.0.1:5900
command.
This version is based on Ubuntu rather than Debian, because I was trying to get the icedtea-web Java Plugin stuff to work. Didn't work, but then I tried a recipe for getting Java SE instead of OpenJDK, and that does seem to work. Might work equally well on Debian.
Sadly, this approach requires one to download JRE directly from Oracle, get an account, and check through a license agreement, so I can't just give it away, you'll have to download the JRE yourself.
Kate's reference on installing Java
Even with this, Java still whines a lot when dealing with the kind of
crappy old IPMI consoles that require this insanity in the first
place. Among other things, Java whines that the crappy Java app
supplied by IPMI isn't signed properly (true), and therefore refuses
to run it (why were we doing this again?). Once one gets past that,
one has to argue with Waterfox a bit to get it to believe that you
want to use javaws
as the launcher for jnlp
files.
You can bypass the Java whining by prepopulating
/root/.java/deployment/security/exception.sites
with a URL
whitelist. The format appears to be one URL per line, no comments or
other formatting. Example:
https://ipmi.foo.example.org
https://ipmi.bar.example.org
There's probably some way to preset Waterfox's MIME handler for jnlp
files to run /usr/bin/javaws
but after working out all of the above
I lack the patience to dig further today.
Yeah, there's a way, and it's disgusting: pre-populate the Waterfox
config tree, then overwrite or edit handlers.json
. Something like
this would work for the pre-population step:
waterfox --headless & waterfox=$!
sleep 2
kill -HUP $waterfox
Then either blindly cp
or use a small Python script to edit the
JSON. The snippet we want to add is:
"application/x-java-jnlp-file": {
"action": 2,
"extensions": [
"jnlp"
],
"handlers": [
{
"name": "javaws",
"path": "/usr/bin/javaws"
}
]
}
as another entry in the mimeTypes
section.
>>> import json
>>> handlers = json.load(open("handlers.json"))
>>> handlers["mimeTypes"]["application/x-java-jnlp-file"]
{u'action': 2, u'extensions': [u'jnlp'], u'handlers': [{u'path': u'/usr/bin/javaws', u'name': u'javaws'}]}