Hello. In the spirit of splitting up privileges, has there been much consideration into installing web browsers as suid user "webbrowser", or something along these lines.
These programs do a lot of downloading... for example they could download to a partition which is noexec, so nothing downloaded could be executed directly. I haven't tried this, and don't know it if works. A user "webbrowser" would also keep the browser from overwriting files in /home/<myuser>. In Linux, web-based plugin installs are extremely rare unless you're root, in my experience. Partitioning the browser would help reduce privilege escalation, including to non-root users (especially non-root users with sudo rules). This is just a random thought that occurred to me when thinking about the problem Windows has when installing all plugins as root, and that it could affect Linux users installing/running as their own user. robert
pgpkXTtrmEFAc.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
