[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Risk of using Iceweasel / firefox [Was Re: GLIBC_2.4]

On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
> Doug writes:
> > It would only be a security issue if the permissions on your home
> > directory and/or the execs themselves allowed others to execute them.
> 
> A buggy application (buffer overflow in Firefox...) or an evil bit of
> JavaScript could be used by a "virus" to install a trojan in $HOME/bin.

If Iceweasel is such a security risk, perhaps I should create a separate
user under which to use it.  What all can a buggy Iceweasel allow?  Yes,
I know, anything that I can do as myself.

I know that root shouldn't run Iceweasel (or any X app?) and certainly
not startx itself.  What about a normal user who is a member of
priveledged groups like: wheel, ssh, adm, or staff?

Doug.
Reply to: