[lug] Firefox chroot

David L. Anselmi anselmi at anselmi.us
Mon Feb 26 22:20:58 MST 2007

Daniel Webb wrote:
> What I'm wondering is: does my idea of putting a minimal distro with Firefox
> in a chroot accomplish the goal of preventing an attacker from viewing or
> changing stuff in my home directories?  Or does the X connection compromise
> what I'm doing?  I don't understand enough about how X works at the low level
> to answer that for myself.

If you're forwarding the X session (using SSH) from the chroot to your X 
server I'd think you'd be vulnerable.  Not that that's a very common 
config for people to attack--it would have to combine more than one exploit.

If you run a separate X server in the chroot (sounds like you do) then 
your security would depend on vulnerabilities in the VNC client.  Again, 
not a likely config for exploits to run against.


More information about the LUG mailing list