Risk of using Iceweasel / firefox [Was Re: GLIBC_2.4]
On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
> Doug writes:
> > It would only be a security issue if the permissions on your home
> > directory and/or the execs themselves allowed others to execute them.
>
> A buggy application (buffer overflow in Firefox...) or an evil bit of
> JavaScript could be used by a "virus" to install a trojan in $HOME/bin.
If Iceweasel is such a security risk, perhaps I should create a separate
user under which to use it. What all can a buggy Iceweasel allow? Yes,
I know, anything that I can do as myself.
I know that root shouldn't run Iceweasel (or any X app?) and certainly
not startx itself. What about a normal user who is a member of
priveledged groups like: wheel, ssh, adm, or staff?
Doug.
Reply to: