| 1 |
Mark Knecht posted |
| 2 |
<5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted |
| 3 |
below, on Tue, 13 Dec 2005 15:03:49 -0800: |
| 4 |
|
| 5 |
> 1) Everything seems to work fine so far as root. I have Firefox, Java, |
| 6 |
> Flash and mplayer all working nicely. I can browse the web pages I |
| 7 |
> need to and play the wmv video training files and do the exercises |
| 8 |
> just fine. |
| 9 |
|
| 10 |
Waitaminute... You are browsing the web as root? That's NOT a good |
| 11 |
idea, particularly with all sorts of plugins (meaning all sorts of |
| 12 |
opportunities for vulnerabilities) setup. It extreme situations, I |
| 13 |
/might/ browse as root using links or lynx in text-mode only, preferably |
| 14 |
without even scripting turned on, but even then, I feel like I'm leaving |
| 15 |
myself open to more than I want. It may be a chroot environment, but that |
| 16 |
doesn't mean it's impossible to break outof, and browsing as root, unless |
| 17 |
it's ONLY to local stuff you've written yourself (or documentation that |
| 18 |
you trust doesn't contain deliberate exploits), is NOT a good idea! |
| 19 |
|
| 20 |
As for home, you could mount --bind it as well, if desired, then create |
| 21 |
a stub user in the chroot to use for browsing the web or whatever. I'd |
| 22 |
certainly create the stub user, regardless of whether I bind-mounted /home |
| 23 |
into the chroot or not. |
| 24 |
|
| 25 |
-- |
| 26 |
Duncan - List replies preferred. No HTML msgs. |
| 27 |
"Every nonfree program has a lord, a master -- |
| 28 |
and if you use the program, he is your master." Richard Stallman in |
| 29 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-amd64@g.o mailing list |
Archives