| 1 |
On 12/13/05, Duncan <1i5t5.duncan@×××.net> wrote: |
| 2 |
> Mark Knecht posted |
| 3 |
> <5bdc1c8b0512131503n3c3cfcb4p9e7f3e6780dedf8d@××××××××××.com>, excerpted |
| 4 |
> below, on Tue, 13 Dec 2005 15:03:49 -0800: |
| 5 |
> |
| 6 |
> > 1) Everything seems to work fine so far as root. I have Firefox, Java, |
| 7 |
> > Flash and mplayer all working nicely. I can browse the web pages I |
| 8 |
> > need to and play the wmv video training files and do the exercises |
| 9 |
> > just fine. |
| 10 |
> |
| 11 |
> Waitaminute... You are browsing the web as root? That's NOT a good |
| 12 |
> idea, particularly with all sorts of plugins (meaning all sorts of |
| 13 |
> opportunities for vulnerabilities) setup. It extreme situations, I |
| 14 |
> /might/ browse as root using links or lynx in text-mode only, preferably |
| 15 |
> without even scripting turned on, but even then, I feel like I'm leaving |
| 16 |
> myself open to more than I want. It may be a chroot environment, but that |
| 17 |
> doesn't mean it's impossible to break outof, and browsing as root, unless |
| 18 |
> it's ONLY to local stuff you've written yourself (or documentation that |
| 19 |
> you trust doesn't contain deliberate exploits), is NOT a good idea! |
| 20 |
> |
| 21 |
> As for home, you could mount --bind it as well, if desired, then create |
| 22 |
> a stub user in the chroot to use for browsing the web or whatever. I'd |
| 23 |
> certainly create the stub user, regardless of whether I bind-mounted /home |
| 24 |
> into the chroot or not. |
| 25 |
> |
| 26 |
> -- |
| 27 |
> Duncan |
| 28 |
|
| 29 |
Duncan, |
| 30 |
Hi. I completely agree with your issues above. Unfortunately there |
| 31 |
are times, such as this one where we paid $thousands to take an |
| 32 |
in-depth investing class and we needed immediate computer capabilities |
| 33 |
or we'd have to bring Windows back up. That wasn't acceptable. |
| 34 |
|
| 35 |
Generally speaking, for the last few days, the only place I've been |
| 36 |
browsing is this one site where we're getting trained, as well as |
| 37 |
using GMail. I have a reasonable expectation that both of these sites |
| 38 |
are honest and would not knowingly do anything wrong. That doesn't |
| 39 |
mean there couldn't be a problem, but sometimes you have to take short |
| 40 |
term risks in order to move forward at an acceptable pace. |
| 41 |
|
| 42 |
The plan was ALWAYS to be able to use the chrooted environment as a |
| 43 |
user, not root. I am now trying to get the user level stuff set up but |
| 44 |
there seem to be a number of issues around running in a chrooted |
| 45 |
environment that are stumping me. I cannote run updatedb to get |
| 46 |
slocate working. I guess this is related to why df doesn't work also. |
| 47 |
I cannot emerge vi yet to management is slow. I need to create the |
| 48 |
user accounts and I need to have the environment not interfere so much |
| 49 |
with the AMD64 partition setup. |
| 50 |
|
| 51 |
One thing I'm working on right now is a setup that would allow me |
| 52 |
to dual boot into the athlon-xp environment for testing purposes. I |
| 53 |
run a real-time development kernel from Ingo Molnar for my audio work. |
| 54 |
So far I cannot make it work as well as my older Athlon-xp machines so |
| 55 |
I'm going to boot into the chroot with it's own kernel to see if this |
| 56 |
is a 64-bit issue. But that's for later. |
| 57 |
|
| 58 |
Question - Could /home be a separate partition that's visible |
| 59 |
(somehow) to both environments? |
| 60 |
|
| 61 |
Again, you are a great resourse. Thanks for your inputs. They are |
| 62 |
always helpful. |
| 63 |
|
| 64 |
Cheers, |
| 65 |
Mark |
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-amd64@g.o mailing list |
Archives