Gentoo Archives: gentoo-amd64

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-amd64@l.g.o
Subject: [gentoo-amd64] Re: chrooted environment not available to users
Date: Tue, 13 Dec 2005 23:41:13
Message-Id: pan.2005.12.13.23.35.02.197857@cox.net
In Reply to: Re: [gentoo-amd64] chrooted environment not available to users by Mark Knecht

Mark Knecht posted
<5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted
below,  on Tue, 13 Dec 2005 15:03:49 -0800:

> 1) Everything seems to work fine so far as root. I have Firefox, Java,
> Flash and mplayer all working nicely. I can browse the web pages I
> need to and play the wmv video training files and do the exercises
> just fine.

Waitaminute... You are browsing the web as root? That's NOT a good idea, particularly with all sorts of plugins (meaning all sorts of opportunities for vulnerabilities) set up. In extreme situations, I /might/ browse as root using links or lynx in text-mode only, preferably without even scripting turned on, but even then, I feel like I'm leaving myself open to more than I want.

It may be a chroot environment, but that doesn't mean it's impossible to break out of, and browsing as root, unless it's ONLY to local stuff you've written yourself (or documentation that you trust doesn't contain deliberate exploits), is NOT a good idea!

As for home, you could mount --bind it as well, if desired, then create a stub user in the chroot to use for browsing the web or whatever. I'd certainly create the stub user, regardless of whether I bind-mounted /home into the chroot or not.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html

--
gentoo-amd64@g.o mailing list
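The stub-user setup suggested in the message above, sketched as a shell script. This is an added example, not part of the original post; the chroot path `/mnt/chroot32`, the account name `webuser` and the `DRY_RUN`/`BIND_HOME` switches are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All defaults below are assumptions.
CHROOT=${CHROOT:-/mnt/chroot32}   # hypothetical chroot location
STUB=${STUB:-webuser}             # hypothetical unprivileged account name
BIND_HOME=${BIND_HOME:-0}         # 1 = also bind-mount the host /home
DRY_RUN=${DRY_RUN:-1}             # 1 = only print the commands

run() {  # print the command; execute it only when DRY_RUN is not 1
    printf '%s\n' "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Reject root, empty names and anything that is not a plain account name.
valid_stub() {
    case $1 in
        root|'')       return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
        [a-z_]*)       return 0 ;;
        *)             return 1 ;;
    esac
}

setup_stub() {
    valid_stub "$STUB" || { echo "refusing stub name: $STUB" >&2; return 1; }
    # Optional bind mount, done first so useradd -m creates the home
    # directory in the shared /home. Skipped if already mounted.
    if [ "$BIND_HOME" = 1 ] &&
       { [ "$DRY_RUN" = 1 ] || ! mountpoint -q "$CHROOT/home"; }; then
        run mount --bind /home "$CHROOT/home"
    fi
    # Create the account in the chroot's own passwd, only if it is missing.
    if [ "$DRY_RUN" = 1 ] || ! chroot "$CHROOT" id "$STUB" >/dev/null 2>&1; then
        run chroot "$CHROOT" useradd -m -s /bin/bash "$STUB"
    fi
}

enter_as_stub() {
    valid_stub "$STUB" || return 1
    # su runs inside the chroot, so the name resolves against the chroot's
    # passwd and the browser session starts without root privileges.
    run chroot "$CHROOT" su - "$STUB"
}
```

With the default `DRY_RUN=1`, calling `setup_stub && enter_as_stub` only prints the commands; run it as root with `DRY_RUN=0` to apply them.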

Replies

Subject: Re: [gentoo-amd64] Re: chrooted environment not available to users
Author: Mark Knecht <markknecht@×××××.com>