On 12/13/05, Duncan <1i5t5.duncan@×××.net> wrote:
> Mark Knecht posted
> <5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted
> below, on Tue, 13 Dec 2005 15:03:49 -0800:
>
> > 1) Everything seems to work fine so far as root. I have Firefox, Java,
> > Flash and mplayer all working nicely. I can browse the web pages I
> > need to and play the wmv video training files and do the exercises
> > just fine.
>
> Waitaminute... You are browsing the web as root? That's NOT a good
> idea, particularly with all sorts of plugins (meaning all sorts of
> opportunities for vulnerabilities) set up. In extreme situations, I
> /might/ browse as root using links or lynx in text-mode only, preferably
> without even scripting turned on, but even then, I feel like I'm leaving
> myself open to more than I want. It may be a chroot environment, but that
> doesn't mean it's impossible to break out of, and browsing as root, unless
> it's ONLY to local stuff you've written yourself (or documentation that
> you trust doesn't contain deliberate exploits), is NOT a good idea!
>
> As for home, you could mount --bind it as well, if desired, then create
> a stub user in the chroot to use for browsing the web or whatever. I'd
> certainly create the stub user, regardless of whether I bind-mounted /home
> into the chroot or not.
>
> --
> Duncan

Duncan,
Hi. I completely agree with your issues above. Unfortunately there
are times, such as this one where we paid $thousands to take an
in-depth investing class and we needed immediate computer capabilities
or we'd have to bring Windows back up. That wasn't acceptable.

Generally speaking, for the last few days, the only place I've been
browsing is this one site where we're getting trained, as well as
using GMail. I have a reasonable expectation that both of these sites
are honest and would not knowingly do anything wrong. That doesn't
mean there couldn't be a problem, but sometimes you have to take short
term risks in order to move forward at an acceptable pace.

The plan was ALWAYS to be able to use the chrooted environment as a
user, not root. I am now trying to get the user level stuff set up but
there seem to be a number of issues around running in a chrooted
environment that are stumping me. I cannot run updatedb to get
slocate working. I guess this is related to why df doesn't work also.
I cannot emerge vi yet so management is slow. I need to create the
user accounts and I need to have the environment not interfere so much
with the AMD64 partition setup.

One thing I'm working on right now is a setup that would allow me
to dual boot into the athlon-xp environment for testing purposes. I
run a real-time development kernel from Ingo Molnar for my audio work.
So far I cannot make it work as well as my older Athlon-xp machines so
I'm going to boot into the chroot with its own kernel to see if this
is a 64-bit issue. But that's for later.

Question - Could /home be a separate partition that's visible
(somehow) to both environments?

Again, you are a great resource. Thanks for your inputs. They are
always helpful.

Cheers,
Mark

--
gentoo-amd64@g.o mailing list