On 12/13/05, Duncan <1i5t5.duncan@...> wrote:
> Mark Knecht posted
> <5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@...>, excerpted
> below, on Tue, 13 Dec 2005 15:03:49 -0800:
> > 1) Everything seems to work fine so far as root. I have Firefox, Java,
> > Flash and mplayer all working nicely. I can browse the web pages I
> > need to and play the wmv video training files and do the exercises
> > just fine.
> Waitaminute... You are browsing the web as root? That's NOT a good
> idea, particularly with all sorts of plugins (meaning all sorts of
> opportunities for vulnerabilities) set up. In extreme situations, I
> /might/ browse as root using links or lynx in text-mode only, preferably
> without even scripting turned on, but even then, I feel like I'm leaving
> myself open to more than I want. It may be a chroot environment, but that
> doesn't mean it's impossible to break out of, and browsing as root, unless
> it's ONLY to local stuff you've written yourself (or documentation that
> you trust doesn't contain deliberate exploits), is NOT a good idea!
> As for home, you could mount --bind it as well, if desired, then create
> a stub user in the chroot to use for browsing the web or whatever. I'd
> certainly create the stub user, regardless of whether I bind-mounted /home
> into the chroot or not.
Hi. I completely agree with your issues above. Unfortunately there
are times, such as this one where we paid $thousands to take an
in-depth investing class and we needed immediate computer capabilities
or we'd have to bring Windows back up. That wasn't acceptable.
Generally speaking, for the last few days, the only place I've been
browsing is this one site where we're getting trained, as well as
using GMail. I have a reasonable expectation that both of these sites
are honest and would not knowingly do anything wrong. That doesn't
mean there couldn't be a problem, but sometimes you have to take short
term risks in order to move forward at an acceptable pace.
The plan was ALWAYS to be able to use the chrooted environment as a
user, not root. I am now trying to get the user level stuff set up but
there seem to be a number of issues around running in a chrooted
environment that are stumping me. I cannot run updatedb to get
slocate working. I guess this is related to why df doesn't work also.
I cannot emerge vi yet so management is slow. I need to create the
user accounts and I need to have the environment not interfere so much
with the AMD64 partition setup.
One thing I'm working on right now is a setup that would allow me
to dual boot into the athlon-xp environment for testing purposes. I
run a real-time development kernel from Ingo Molnar for my audio work.
So far I cannot make it work as well as my older Athlon-xp machines so
I'm going to boot into the chroot with its own kernel to see if this
is a 64-bit issue. But that's for later.
Question - Could /home be a separate partition that's visible
(somehow) to both environments?
Again, you are a great resource. Thanks for your inputs. They are
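
Duncan's suggestion quoted above (bind-mount /home into the chroot and browse as a stub user instead of root), written out as a shell script. This is an added example, not part of the original thread; the chroot path `/mnt/chroot32` and the user name `browse` are hypothetical, and with the default `DRY_RUN=1` the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example. Paths and names below are hypothetical; with DRY_RUN=1
# (the default) commands are printed instead of executed.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a plain, non-root account name.
valid_user() {
    case "$1" in
        ''|root|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# setup_chroot_user CHROOT_DIR USER UID
# UID should be the uid that owns /home/USER on the host: files on a
# bind mount keep their numeric owner, so the stub account must match it.
setup_chroot_user() {
    sc_dir=$1; sc_user=$2; sc_uid=$3
    valid_user "$sc_user" || { echo "refusing user name '$sc_user'" >&2; return 1; }
    [ "$sc_uid" -gt 0 ] 2>/dev/null || { echo "uid must be a non-zero number" >&2; return 1; }
    # Make the host's /home visible inside the chroot (skip if already mounted).
    if [ "$DRY_RUN" = "1" ] || ! mountpoint -q "$sc_dir/home"; then
        run mount --bind /home "$sc_dir/home"
    fi
    # Stub account inside the chroot; -M because the home directory already exists.
    run chroot "$sc_dir" useradd -M -u "$sc_uid" -d "/home/$sc_user" -s /bin/bash "$sc_user"
}

# enter_chroot_as CHROOT_DIR USER: drop to the stub user on the way in.
enter_chroot_as() {
    valid_user "$2" || { echo "refusing user name '$2'" >&2; return 1; }
    run chroot "$1" su - "$2"
}

# Usage: sh chroot-user.sh /mnt/chroot32 browse
if [ "$#" -eq 2 ]; then
    setup_chroot_user "$1" "$2" "$(id -u "$2")" && enter_chroot_as "$1" "$2"
fi
```
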