Gentoo Archives: gentoo-amd64

From: Mark Knecht <markknecht@×××××.com>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Re: chrooted environment not available to users
Date: Wed, 14 Dec 2005 00:15:31
Message-Id: 5bdc1c8b0512131611q4d0ae719x25e7955a59cff812@mail.gmail.com
In Reply to: [gentoo-amd64] Re: chrooted environment not available to users by Duncan <1i5t5.duncan@cox.net>
On 12/13/05, Duncan <1i5t5.duncan@×××.net> wrote:
> Mark Knecht posted
> <5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted
> below, on Tue, 13 Dec 2005 15:03:49 -0800:
>
> > 1) Everything seems to work fine so far as root. I have Firefox, Java,
> > Flash and mplayer all working nicely. I can browse the web pages I
> > need to and play the wmv video training files and do the exercises
> > just fine.
>
> Waitaminute... You are browsing the web as root? That's NOT a good
> idea, particularly with all sorts of plugins (meaning all sorts of
> opportunities for vulnerabilities) set up. In extreme situations, I
> /might/ browse as root using links or lynx in text-mode only, preferably
> without even scripting turned on, but even then, I feel like I'm leaving
> myself open to more than I want. It may be a chroot environment, but that
> doesn't mean it's impossible to break out of, and browsing as root, unless
> it's ONLY to local stuff you've written yourself (or documentation that
> you trust doesn't contain deliberate exploits), is NOT a good idea!
>
> As for home, you could mount --bind it as well, if desired, then create
> a stub user in the chroot to use for browsing the web or whatever. I'd
> certainly create the stub user, regardless of whether I bind-mounted /home
> into the chroot or not.
>
> --
> Duncan

Duncan,

Hi. I completely agree with your issues above. Unfortunately there are times, such as this one, where we paid $thousands to take an in-depth investing class and we needed immediate computer capabilities or we'd have to bring Windows back up. That wasn't acceptable.

Generally speaking, for the last few days, the only place I've been browsing is this one site where we're getting trained, as well as using GMail. I have a reasonable expectation that both of these sites are honest and would not knowingly do anything wrong. That doesn't mean there couldn't be a problem, but sometimes you have to take short term risks in order to move forward at an acceptable pace.

The plan was ALWAYS to be able to use the chrooted environment as a user, not root. I am now trying to get the user level stuff set up but there seem to be a number of issues around running in a chrooted environment that are stumping me. I cannot run updatedb to get slocate working. I guess this is related to why df doesn't work also. I cannot emerge vi yet so management is slow. I need to create the user accounts and I need to have the environment not interfere so much with the AMD64 partition setup.

One thing I'm working on right now is a setup that would allow me to dual boot into the athlon-xp environment for testing purposes. I run a real-time development kernel from Ingo Molnar for my audio work. So far I cannot make it work as well as my older Athlon-xp machines so I'm going to boot into the chroot with its own kernel to see if this is a 64-bit issue. But that's for later.

Question - Could /home be a separate partition that's visible (somehow) to both environments?

Again, you are a great resource. Thanks for your inputs. They are always helpful.

Cheers,
Mark

--
gentoo-amd64@g.o mailing list
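
The setup Duncan describes in the quoted reply (bind-mount /home into the chroot, then browse as a stub user there instead of root) can be sanity-checked before use. The script below is an added example, not part of either message; the chroot path `/mnt/gentoo32`, the user name `webuser`, the device names and all sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: checks that a chroot is ready for non-root use with a shared
# /home, e.g. after `mount --bind /home /mnt/gentoo32/home`.
# /mnt/gentoo32 and webuser are hypothetical names.

# home_is_bound MOUNTS_FILE CHROOT
# Succeeds if CHROOT/home is a mount point listed in MOUNTS_FILE, which uses
# the /proc/mounts layout. CHROOT must be given without a trailing slash.
home_is_bound() {
    awk -v target="$2/home" '$2 == target { found = 1 } END { exit !found }' "$1"
}

# uid_of PASSWD_FILE USER: print USER's numeric UID, or nothing if absent.
uid_of() {
    awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1"
}

# check_stub_user HOST_PASSWD CHROOT_PASSWD USER
# 0: USER exists in both files with the same non-zero UID
# 1: USER missing from one of the files
# 2: USER is UID 0 inside the chroot (still effectively root)
# 3: UIDs differ, so files in the shared /home change owner between views
check_stub_user() {
    host_uid=$(uid_of "$1" "$3")
    chroot_uid=$(uid_of "$2" "$3")
    [ -n "$host_uid" ] && [ -n "$chroot_uid" ] || return 1
    [ "$chroot_uid" != "0" ] || return 2
    [ "$host_uid" = "$chroot_uid" ] || return 3
    return 0
}

# write_sample DIR: write constructed sample inputs into DIR. The chroot
# passwd deliberately gives webuser a different UID than the host does.
write_sample() {
    printf '%s\n' '/dev/sda3 / ext3 rw 0 0' \
        '/dev/sda4 /home ext3 rw 0 0' \
        '/dev/sda4 /mnt/gentoo32/home ext3 rw 0 0' > "$1/mounts"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'webuser:x:1000:100::/home/webuser:/bin/bash' > "$1/host_passwd"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'webuser:x:1001:100::/home/webuser:/bin/bash' > "$1/chroot_passwd"
}
```

On a live system the inputs would be `/proc/mounts`, `/etc/passwd` and the chroot's own `etc/passwd`; a result of 3 is fixed by recreating the chroot account with `useradd -u` and the host UID.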
