web browser suid [was Preemptive strategies]
robert at linuxfromscratch.org
Mon Sep 29 21:11:58 PDT 2008
In the spirit of splitting up privileges, has there been much consideration
into installing web browsers as suid user "webbrowser", or something along
These programs do a lot of downloading... for example they could download to a
partition which is noexec, so nothing downloaded could be executed directly.
I haven't tried this, and don't know it if works.
A user "webbrowser" would also keep the browser from overwriting files
In Linux, web-based plugin installs are extremely rare unless you're root, in
Partitioning the browser would help reduce privilege escalation, including to
non-root users (especially non-root users with sudo rules).
This is just a random thought that occurred to me when thinking about the
problem Windows has when installing all plugins as root, and that it could
affect Linux users installing/running as their own user.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
More information about the hlfs-dev