Mark Knecht posted
below, on Tue, 13 Dec 2005 15:03:49 -0800:
> 1) Everything seems to work fine so far as root. I have Firefox, Java,
> Flash and mplayer all working nicely. I can browse the web pages I
> need to and play the wmv video training files and do the exercises
> just fine.
Waitaminute... You are browsing the web as root? That's NOT a good
idea, particularly with all sorts of plugins (meaning all sorts of
opportunities for vulnerabilities) setup. It extreme situations, I
/might/ browse as root using links or lynx in text-mode only, preferably
without even scripting turned on, but even then, I feel like I'm leaving
myself open to more than I want. It may be a chroot environment, but that
doesn't mean it's impossible to break outof, and browsing as root, unless
it's ONLY to local stuff you've written yourself (or documentation that
you trust doesn't contain deliberate exploits), is NOT a good idea!
As for home, you could mount --bind it as well, if desired, then create
a stub user in the chroot to use for browsing the web or whatever. I'd
certainly create the stub user, regardless of whether I bind-mounted /home
into the chroot or not.
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
firstname.lastname@example.org mailing list