robert at linuxfromscratch.org
Mon Dec 7 21:52:27 PST 2009
I want to brainstorm something I brought up before.

The firefox (or irssi, or even ssh client) program could be run as another
user/group (suid/sgid), so that it does not have permission to
read/write/execute files it does not need. So it has less than your
permissions. But, under this design firefox would be able to write to other
users' caches. What is the way around this problem?

chroot might be of help. The firefox client could chroot to ~/.firefox,
running as the firefox user/group, who has permission on your ~/.firefox
directory. Other users would not have the ability to do this if they're
confined to this /usr/bin/ssh script.

Making /usr/bin/ssh a script that uses suid myusername-suid is another idea, so
that system users do not reuse the same user for firefox (or irssi, or
ssh)... so it is impossible for one program to get permissions on another.
The number of usernames in /etc/passwd skyrockets with this though, with
one new user for each application, multiplied by each user.

Access control lists can also control this, but I am looking for another level
to create a redundancy.
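As an added illustration (not part of the post above, and not an HLFS script), here is a small POSIX sh wrapper that follows the "one new user for each application, multiplied by each user" scheme: it derives a dedicated account name from the application and the invoking user, refuses to start unless the per-user profile directory is owned by that account and closed to group/other, and then launches the program as that account with HOME pointed at the confined directory. The account naming scheme ("<app>-<user>"), the requirement that such accounts already exist, and the use of sudo without a password prompt are assumptions of this example; chroot itself needs root and is left out.

```shell
#!/bin/sh
# Added example, not from the hlfs-dev post. Launch an application as a
# dedicated per-user, per-application account so that it runs with fewer
# permissions than the invoking user and cannot touch another user's cache.
#
# Assumptions (not stated by the post):
#   - an account named "<app>-<user>" exists for each user/application pair
#   - sudo allows the invoking user to run <app> as that account
#   - the profile directory is ~/.<app>, owned by the sandbox account
set -eu

# Dedicated account for application $1 run by user $2, e.g. firefox-alice.
sandbox_user() {
    printf '%s-%s\n' "$1" "$2"
}

# Check that profile directory $1 is private to sandbox account $2:
# it must exist, be owned by $2, and carry no group/other permission bits,
# so another user's sandbox account cannot read or write this cache.
# Returns 0 if acceptable, 1 otherwise.
check_profile_dir() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || return 1
    actual_owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$actual_owner" = "$owner" ] || return 1
    # The last two octal digits are the group and other bits; both must be 0.
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Command line that would start $1 as the sandbox account of user $2 with
# HOME set to profile directory $3 (printed, not executed).
launch_line() {
    printf 'sudo -u %s env HOME=%s %s\n' "$(sandbox_user "$1" "$2")" "$3" "$1"
}

main() {
    app=${2:-firefox}
    me=$(id -un)
    profile="$HOME/.$app"
    sb=$(sandbox_user "$app" "$me")
    if ! check_profile_dir "$profile" "$sb"; then
        echo "refusing to start: $profile must exist, be owned by $sb and be mode 0700" >&2
        exit 1
    fi
    if [ "${1:-}" = "--dry-run" ]; then
        launch_line "$app" "$me" "$profile"
    else
        exec sudo -u "$sb" env HOME="$profile" "$app"
    fi
}

# Usage: ./launch-sandboxed.sh --run firefox   (or --dry-run firefox)
# main only runs when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ] || [ "${1:-}" = "--dry-run" ]; then
    main "$@"
fi
```

The check is the part that matters for the problem raised in the post: the dedicated account buys reduced permissions, but only the ownership and mode of each user's profile directory keep one user's firefox account out of another user's cache, and the wrapper refuses to start rather than silently running with a shared or world-readable directory.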