Mark Knecht posted
<5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted
below, on Tue, 13 Dec 2005 15:03:49 -0800:

> 1) Everything seems to work fine so far as root. I have Firefox, Java,
> Flash and mplayer all working nicely. I can browse the web pages I
> need to and play the wmv video training files and do the exercises
> just fine.

Waitaminute... You are browsing the web as root? That's NOT a good
idea, particularly with all sorts of plugins (meaning all sorts of
opportunities for vulnerabilities) set up. In extreme situations, I
/might/ browse as root using links or lynx in text-mode only, preferably
without even scripting turned on, but even then, I feel like I'm leaving
myself open to more than I want. It may be a chroot environment, but that
doesn't mean it's impossible to break out of, and browsing as root, unless
it's ONLY to local stuff you've written yourself (or documentation that
you trust doesn't contain deliberate exploits), is NOT a good idea!

As for home, you could mount --bind it as well, if desired, then create
a stub user in the chroot to use for browsing the web or whatever. I'd
certainly create the stub user, regardless of whether I bind-mounted /home
into the chroot or not.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html

--
gentoo-amd64@g.o mailing list
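
The stub-user arrangement suggested in the message above, written out as an added example that is not part of the original post: it optionally bind-mounts /home, creates the account inside the chroot, and starts a program there with root privileges dropped, refusing to run if the account resolves to uid 0. The chroot path `/mnt/chroot32` and the account name `webuser` are assumptions.

```shell
#!/bin/sh
# Added example. CHROOT and STUB_USER defaults are hypothetical names.
CHROOT=${CHROOT:-/mnt/chroot32}
STUB_USER=${STUB_USER:-webuser}

# Print "uid:gid:home" for a user as listed in the chroot's own passwd file.
# Exit status is 1 if the user does not exist there.
chroot_ids() {  # $1 = chroot dir, $2 = user name
    awk -F: -v u="$2" '$1 == u { print $3 ":" $4 ":" $6; found = 1 }
                       END { exit !found }' "$1/etc/passwd"
}

# Succeed only if the account exists in the chroot and is not uid 0.
is_safe_stub() {  # $1 = chroot dir, $2 = user name
    ids=$(chroot_ids "$1" "$2") || return 1
    [ "${ids%%:*}" != "0" ]
}

# One-time setup, run as root on the host.
setup_stub() {  # $1 = chroot dir, $2 = user name, $3 = "bind" to share /home
    if [ "${3:-}" = "bind" ]; then
        mount --bind /home "$1/home" || return 1
    fi
    # --root makes useradd edit the chroot's passwd/shadow, not the host's.
    # With the bind mount in place, the new home lands in the host's /home.
    chroot_ids "$1" "$2" >/dev/null 2>&1 ||
        useradd --root "$1" --create-home --shell /bin/bash "$2"
}

# Start a program inside the chroot as the stub user instead of root.
run_as_stub() {  # $1 = chroot dir, $2 = user name, rest = command
    dir=$1 user=$2; shift 2
    is_safe_stub "$dir" "$user" || {
        echo "refusing: $user is missing or uid 0 in $dir" >&2; return 1; }
    ids=$(chroot_ids "$dir" "$user")
    home=${ids##*:} ug=${ids%:*}
    # Numeric uid:gid avoids name lookups against the wrong passwd file;
    # --groups replaces root's supplementary groups with the stub's gid only.
    chroot --userspec="$ug" --groups="${ug#*:}" "$dir" \
        env HOME="$home" USER="$user" "$@"
}

# Usage as root:  sh stub.sh setup [bind]   then   sh stub.sh run firefox
case "${1:-}" in
    setup) setup_stub "$CHROOT" "$STUB_USER" "${2:-}" ;;
    run)   shift; run_as_stub "$CHROOT" "$STUB_USER" "$@" ;;
esac
```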