I want to brainstorm something I brought up before. The firefox (or irssi, or even ssh client) program could be run as another user/group (suid/sgid), so that it does not have permission to read/write/execute files it does not need. So it has less than your permissions. But, under this design firefox would be able to write to other users' caches. What is the way around this problem?
chroot might be of help. The firefox client could chroot to ~/.firefox, running as the firefox user/group, who has permission on your ~/.firefox directory. Other users would not have the ability to do this if they're confined to this /usr/bin/ssh script. Making /usr/bin/ssh a script that uses suid myusername-suid is another idea, so that system users do not reuse the same user for firefox (or irssi, or ssh)... so it is impossible for one program to get permissions on another. The number of usernames in /etc/password skyrockets with this though... with one new user for each application, multiplied by each user. Access control lists can also control this, but I am looking for another level to create a redundancy.

robert
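As an added example (not code from the post or from the HLFS project), here is a minimal wrapper sketching the per-user application account plus chroot design described above. It assumes a naming convention of "<user>-<app>" for the application account (e.g. "alice-firefox") and ~/.<app> as the confinement directory; both are assumptions of this example. Because chroot(2) on Linux needs CAP_SYS_CHROOT, the wrapper is assumed to be installed setuid root and drops to the application account immediately after entering the jail, setting real, effective and saved ids together so the confined program cannot switch back to the invoking user.

```c
#define _GNU_SOURCE          /* setresuid/setresgid and setgroups in glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Per-user application account name, e.g. "alice-firefox".
 * The "<user>-<app>" convention is an assumption of this example. */
int build_app_account(char *out, size_t n, const char *user, const char *app) {
    int w = snprintf(out, n, "%s-%s", user, app);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Confinement directory "<home>/.<app>", e.g. "/home/alice/.firefox". */
int build_app_home(char *out, size_t n, const char *home, const char *app) {
    int w = snprintf(out, n, "%s/.%s", home, app);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* The jail must be a directory owned by the real user and never writable by
 * "others"; group write may be needed so the application account can use the
 * cache, but world write would let any account plant files inside the jail.
 * Returns 0 when acceptable, -1 otherwise. */
int check_jail_dir(const char *path, uid_t owner) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != owner) return -1;
    if (st.st_mode & S_IWOTH) return -1;
    return 0;
}

/* 1 if the process can no longer become root, which is the only state in
 * which it is safe to exec the confined program; 0 otherwise. */
int privileges_dropped(void) {
    return geteuid() != 0 && setuid(0) == -1 && errno == EPERM;
}

/* Enter the jail while still privileged, then drop in the right order:
 * supplementary groups first, then gid, then uid last (uid is what makes the
 * earlier calls succeed). setres* sets real, effective and saved ids at once. */
int confine_and_drop(const char *jail, uid_t app_uid, gid_t app_gid) {
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setresgid(app_gid, app_gid, app_gid) != 0) return -1;
    if (setresuid(app_uid, app_uid, app_uid) != 0) return -1;
    return privileges_dropped() ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    struct passwd *real = getpwuid(getuid());     /* whoever ran the wrapper */
    if (!real) { perror("getpwuid"); return 1; }
    uid_t real_uid = real->pw_uid;                /* copy: getpw* reuses its buffer */

    char account[256], jail[4096];
    if (build_app_account(account, sizeof account, real->pw_name, "firefox") != 0 ||
        build_app_home(jail, sizeof jail, real->pw_dir, "firefox") != 0)
        return 1;

    struct passwd *app = getpwnam(account);      /* the dedicated application account */
    if (!app) { fprintf(stderr, "no account %s\n", account); return 1; }
    uid_t app_uid = app->pw_uid;
    gid_t app_gid = app->pw_gid;

    if (check_jail_dir(jail, real_uid) != 0) {
        fprintf(stderr, "refusing jail %s: not a private directory of the caller\n", jail);
        return 1;
    }
    if (confine_and_drop(jail, app_uid, app_gid) != 0) { perror("confine"); return 1; }

    /* From here on the program sees only the jail and runs as <user>-firefox. */
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 1;
}
```

The program run inside the jail still needs its libraries and configuration under ~/.firefox, which is the usual cost of a chroot; the order of operations (chroot before dropping ids, groups before gid before uid, then a positive check that root cannot be regained) is the part that most often goes wrong in hand-written wrappers.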
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page