igo95862 / bubblejail

Bubblewrap based sandboxing for desktop applications

Profile for ephemeral gtk/qt browser window #101

Open boredsquirrel opened 3 months ago

boredsquirrel commented 3 months ago

Description

Captive portals may be dangerous, but require stupidly insecure DNS and HTTPS rules.

I use a separate FF profile currently, that uses insecure DNS advertised over DHCP, doesn't enforce HTTPS etc.

But having a browser window that uses a native webengine, in very restricted mode, may be better.

igo95862 commented 3 months ago

Hello @boredsquirrel

I had an idea about something like this but it is pretty complicated.

  • connect to internet

You probably want to bind to the raw interface to bypass any VPNs. I think slirp4netns can do that but I have not tested it.

  • use DNS over DHCP

You can mount a file with updated nameservers on top of /etc/resolv.conf, but first you need to know the nameservers used by the local network. I believe NetworkManager saves the nameservers acquired from DHCP in /run/NetworkManager/resolv.conf, but I am not sure how other network configuration managers do it. Also, there is an issue with bubblewrap not being able to mount on top of symlinks, and /etc/resolv.conf is often a symlink.

  • do not download stuff or save any files permanently (ephemeral)

I have some ideas on how to implement that (making a home directory a tmpfs) in a generic way. I might experiment with it.
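The resolv.conf and tmpfs-home steps discussed in this comment, as an added Python sketch that is not bubblejail's code and not from either commenter. The function names are hypothetical, and binding onto the symlink's resolved target is an assumed workaround for the symlink limitation, not something the thread confirms.

```python
import os
from pathlib import Path


def dhcp_nameservers(resolv_text: str) -> list[str]:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def resolv_bind_args(dhcp_resolv: Path, etc_resolv: Path) -> list[str]:
    """Build bwrap arguments exposing dhcp_resolv as the resolver config.

    bwrap cannot mount on top of a symlink, so when etc_resolv is a
    symlink the bind destination becomes the path the link resolves to
    (assumed workaround). The link itself must still exist in the sandbox.
    """
    if not dhcp_nameservers(dhcp_resolv.read_text()):
        # Refuse to start a sandbox that silently has no resolver.
        raise ValueError(f"no nameserver entries in {dhcp_resolv}")
    dest = etc_resolv
    if etc_resolv.is_symlink():
        dest = Path(os.path.realpath(etc_resolv))
    return ["--ro-bind", str(dhcp_resolv), str(dest)]


def ephemeral_portal_args(dhcp_resolv: Path, etc_resolv: Path,
                          home: str) -> list[str]:
    """Mount arguments for a throwaway home plus the DHCP resolver file.

    bwrap applies mounts in order, so these must come after whatever
    mounts /etc and /run, or the resolver bind would be hidden.
    """
    return ["--tmpfs", home, *resolv_bind_args(dhcp_resolv, etc_resolv)]


if __name__ == "__main__":
    # Paths as named in the comment above; the home path is a placeholder.
    print(ephemeral_portal_args(Path("/run/NetworkManager/resolv.conf"),
                                Path("/etc/resolv.conf"), "/home/portal"))
```

The returned list only covers these two mounts; the network-interface binding mentioned in the first bullet is not addressed here.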