From: Luke Crawford (lscprgmr.com)
Date: Thu Nov 09 2006 - 02:48:29 CST
On Thu, 9 Nov 2006, mal content wrote:
> On 09/11/06, Luke Crawford <lscprgmr.com> wrote:
>> man jail(8)
> A full jail is quite extreme, don't you think? Besides, it'd be tricky to
> a jailed program to write to ~/.mozilla and /tmp.
Not really. Well, it would be difficult to let it write to both
~/.mozilla and /tmp unless your homedir is under /tmp; what I would do is
run mozilla under ~/mozilla and use that as the jail chroot. Give it an
internal IP and connect via X over IP if you want... or figure out how to
put the named pipe under ~/.mozilla (I'm not going to look it up for you,
but there is a way... your jail system can't write outside the jail, but
your non-jail system can write into the jail, so you might even be able
to do it with a simple symlink.)

Jail is the best sandbox FreeBSD has; if that's too heavy, simply run it
setuid to another user that doesn't have permission to anything. It's not
as good of a sandbox, but it's lightweight.