web browser suid [was Preemptive strategies]

Robert Connolly robert at linuxfromscratch.org
Mon Sep 29 21:11:58 PDT 2008


Hello.

In the spirit of splitting up privileges, has there been much consideration 
into installing web browsers as suid user "webbrowser", or something along 
these lines.

These programs do a lot of downloading... for example they could download to a 
partition which is noexec, so nothing downloaded could be executed directly. 
I haven't tried this, and don't know it if works.

A user "webbrowser" would also keep the browser from overwriting files 
in /home/<myuser>.

In Linux, web-based plugin installs are extremely rare unless you're root, in 
my experience.

Partitioning the browser would help reduce privilege escalation, including to 
non-root users (especially non-root users with sudo rules).

This is just a random thought that occurred to me when thinking about the 
problem Windows has when installing all plugins as root, and that it could 
affect Linux users installing/running as their own user.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080930/1cccd86f/attachment.sig>


More information about the hlfs-dev mailing list