On Thu, Dec 12, 2002 at 11:57:22PM +0100, Lukas Ruf wrote:
> So, my question is quite easy: wouldn't it be more secure if mozilla
> was installed by dselect/apt-get/dpkg with set-uid to nobody.nogroup?
> /* Of course, this would make it impossible to download files into one's
> home directory except it was world writable -- and caching files
> would cause either more headache or the appropriate directory would
> require world writability, too.
> But Linux is quite often used on personal stations where only one
> user account exists, e.g. on my laptop. In this case, I would
> prefer writing the downloaded files to /tmp all the time and having
> world writable caches but would get little more security. */
> I could imagine an installation option in --preconfigure like with
> sshd.

i think this would cause more problems than it would create. cache
files, x authentication, and downloading files all come to mind.
whatever you might do to get around these limitations would probably
be a greater security risk than the reason for doing this in the first
place.

as a simple rule of thumb, don't give your normal/browser user the
privileges to break anything important. that is, you shouldn't run on
your X desktop as root, you shouldn't give your normal user write
privileges to any important files, etc. for example, i even have my
personal music collection mounted such that i can't modify it without
su'ing. unlike a certain other operating system, you can't overwrite
kernel memory with a buggy email client.

but if you _really_ wanted to do this, no-one's stopping you, you can
already do it quite easily:

alias mozilla='su root -c "su nobody -c mozilla"'

but don't expect it to work, for one of the reasons outlined above

sean