Re: chroot a few apps
Hi,
On Sat, Jan 09, 2010 at 10:26:47AM +0100, Vadkan Jozsef wrote:
> What kind of chroot should I use, if I want to make a more secured
> desktop, running e.g.:
...
> or e.g.: I have to open a .doc file, that I don't trust, or a PDF can
> contain malicious code :(
Chroot only provides limited security and it is not practical for
purpose you described. (I mean wrong tool for desktop apps.)
Debian is fairly safe as default.
If you wish to have security with reasonable efforts with minimal
knowledge, I suggest followings:
1. Use stable system with latest security updates and not to do funny
configuration such as chroot. You will make system more insecure
if it is not done very well.
2. Use alternate user account for somewhat insecure actions for now
to limit damages.
3. Do not execute program from insecure source intentionally.
4. Read "Securing Debian Manual" and follow.
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
5. Run desktop applications under a virtual system such as kvm,
virtualbox-ose, ... with freshly copied clean system if you are
really paranoid and have to access such insecure documents.
I know these are not the best thing for the security but quite practical.
Osamu
Reply to: