Another level

Robert Connolly robert at linuxfromscratch.org
Mon Dec 7 21:52:27 PST 2009


I want to brainstorm something I brought up before.

The firefox (or irssi, or even ssh client) program could be run as another 
user/group (suid/sgid), so that it does not have permission to 
read/write/execute files it does not need. So it has less than your 
permissions. But, under this design firefox would be able to write to other 
users' cache. What is the way around this problem?

chroot might be of help. The firefox client could chroot to ~/.firefox, 
running as the firefox user/group, who has permission on your ~/.firefox 
directory. Other users would not have the ability to do this if they're 
confined to this /usr/bin/ssh script.

Making /usr/bin/ssh a script to use suid myusername-suid is another idea, so 
that system users do not reuse the same user for firefox (or irssi, or 
ssh)... so it is impossible for one program to get permissions on another. 
The number of usernames in /etc/password skyrockets with this though... with 
one new user for each application, multiplied by each user.

Access control lists can also control this, but I am looking for another level 
to create a redundancy.

robert
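A sketch of the wrapper the post describes, added here as an example (not code from the post or from the HLFS project): it derives the per-user, per-application account name, refuses to chroot into a sandbox directory that is not owned by that account or is group/world-writable (the check that keeps one user's firefox account out of another user's cache), and builds the GNU `chroot --userspec` command a privileged launcher would exec. The `<user>-<app>` naming scheme, the `~/.<app>` sandbox directory and the use of GNU coreutils `stat`/`chroot` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one account per
# (user, application) pair named <user>-<app> and a sandbox directory at
# $HOME/.<app>; needs GNU coreutils (stat -c, chroot --userspec).

# Name of the per-user, per-application account.  $1 = invoking user, $2 = app
sandbox_user() {
    printf '%s-%s\n' "$1" "$2"
}

# Refuse to chroot into a directory unless it exists, is owned by the sandbox
# account and is not writable by group or others.  $1 = dir, $2 = expected owner
check_sandbox_dir() {
    [ -d "$1" ] || { echo "no such sandbox dir: $1" >&2; return 1; }
    owner=$(stat -c '%U' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1       # e.g. 700 or 2750
    [ "$owner" = "$2" ] || {
        echo "sandbox dir $1 is owned by $owner, not $2" >&2; return 1; }
    # Octal digits with the write bit set are 2, 3, 6 and 7; the last two
    # digits of the mode are the group and other permissions.
    case "$mode" in
        *[2367][0-9]|*[0-9][2367])
            echo "sandbox dir $1 is group- or world-writable" >&2; return 1 ;;
    esac
    return 0
}

# Command a root-owned launcher would exec after the checks pass.
# $1 = invoking user, $2 = app, $3 = that user's home, $4 = program path
wrapper_cmd() {
    acct=$(sandbox_user "$1" "$2")
    printf 'chroot --userspec=%s:%s %s/.%s %s\n' "$acct" "$acct" "$3" "$2" "$4"
}
```

A real launcher would run the checks as root before `exec`-ing the printed command, and the application would then see only `~/.<app>` with the privileges of the per-app account.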