Dear all, on the one hand one reads about bugs in the Mircosoft Internet Exploder based on Active Scripting and other holes quite often. On the other hand, rarely bugs in the Mozilla and Co. are reported. However, I believe that bugs are human -- without touching the philosophical question whether humans are no bugs ,-). So, bugs do also exist in Mozilla and Co, I assume.
When I take now a look to Mozilla that is run on my Debian box, ruf ... /usr/lib/mozilla/mozilla-bin ruf ... \_ /usr/lib/mozilla/mozilla-bin ruf ... \_ /usr/lib/mozilla/mozilla-bin ruf ... \_ /usr/lib/mozilla/mozilla-bin ruf ... \_ /usr/lib/mozilla/mozilla-bin ruf ... \_ /usr/lib/mozilla/mozilla-bin Mozilla runs with my user id. This I do not really appreciate. So, my question is quite easy: wouldn't it be more secure if mozilla was installed by dselect/apt-get/dpkg with set-uid to nobody.nogroup? /* Of course, this would make impossible to download files into one's home directory except it was world writable -- and caching files would cause either more headache or the appropriate directory would require world writability, too. But Linux is quite often used on personal stations where only one user account exists, e.g. on my laptop. In this case, I would prefer writing the downloaded files to /tmp all the time and having world writable caches but would get little more security. */ I could imagine an installation option in --preconfigure like with sshd. What do you think? wbr, Lukas -- Lukas Ruf http://www.lpr.ch Wanna know anything about raw IP? Join [EMAIL PROTECTED] on http://www.rawip.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
