Bugs in Browsers: Mozilla & Co. vs. Exploder
Dear all,
on the one hand one reads about bugs in the Mircosoft Internet
Exploder based on Active Scripting and other holes quite often. On
the other hand, rarely bugs in the Mozilla and Co. are reported.
However, I believe that bugs are human -- without touching the
philosophical question whether humans are no bugs ,-). So, bugs do
also exist in Mozilla and Co, I assume.
When I take now a look to Mozilla that is run on my Debian box,
ruf ... /usr/lib/mozilla/mozilla-bin
ruf ... \_ /usr/lib/mozilla/mozilla-bin
ruf ... \_ /usr/lib/mozilla/mozilla-bin
ruf ... \_ /usr/lib/mozilla/mozilla-bin
ruf ... \_ /usr/lib/mozilla/mozilla-bin
ruf ... \_ /usr/lib/mozilla/mozilla-bin
Mozilla runs with my user id. This I do not really appreciate.
So, my question is quite easy: wouldn't it be more secure if mozilla
was installed by dselect/apt-get/dpkg with set-uid to nobody.nogroup?
/* Of course, this would make impossible to download files into one's
home directory except it was world writable -- and caching files
would cause either more headache or the appropriate directory would
require world writability, too.
But Linux is quite often used on personal stations where only one
user account exists, e.g. on my laptop. In this case, I would
prefer writing the downloaded files to /tmp all the time and having
world writable caches but would get little more security. */
I could imagine an installation option in --preconfigure like with
sshd.
What do you think?
wbr,
Lukas
--
Lukas Ruf
http://www.lpr.ch
Wanna know anything about raw IP?
Join rawip@rawip.org on http://www.rawip.org
Reply to: