Re: Bugs in Browsers: Mozilla & Co. vs. Exploder

To: Debian User <debian-user@lists.debian.org>
Subject: Re: Bugs in Browsers: Mozilla & Co. vs. Exploder
From: "Jamin W. Collins" <jcollins@asgardsrealm.net>
Date: Thu, 12 Dec 2002 19:10:46 -0600
Message-id: <[🔎] 20021213011046.GE9527@jamin-mini>
Mail-followup-to: Debian User <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20021212225722.GB15914@maremma.ch>
References: <[🔎] 20021212225722.GB15914@maremma.ch>

On Thu, Dec 12, 2002 at 11:57:22PM +0100, Lukas Ruf wrote:

> So, my question is quite easy: wouldn't it be more secure if mozilla
> was installed by dselect/apt-get/dpkg with set-uid to nobody.nogroup?
(snip)
> What do you think?

Since you asked, I think it would be a waste of time.  Provided your
user account has normal user "style" privileges there's little damage an
exploit in an application running as your user can do to the system.
So, what exactly are you looking to accomplish by changing the user and
group that the application runs as?  Additionally, Linux is frequently
installed on multi-user systems, thus the central cache and download
location would be a hassle.

-- 
Jamin W. Collins

Reply to:

References:
- Bugs in Browsers: Mozilla & Co. vs. Exploder
  - From: Lukas Ruf <ruf@rawip.org>

Prev by Date: LILO on the second disk loaded by GRUB
Next by Date: Re: [debian-user] kde3 widget themes gone
Previous by thread: dhclient not working properly after failed network install
Next by thread: security update script?
Index(es):
- Date
- Thread