[lug] Firefox chroot
David L. Anselmi
anselmi at anselmi.us
Mon Feb 26 22:20:58 MST 2007
Daniel Webb wrote:
> What I'm wondering is: does my idea of putting a minimal distro with Firefox
> in a chroot accomplish the goal of preventing an attacker from viewing or
> changing stuff in my home directories? Or does the X connection compromise
> what I'm doing? I don't understand enough about how X works at the low level
> to answer that for myself.
If you're forwarding the X session (using SSH) from the chroot to your X
server I'd think you'd be vulnerable. Not that that's a very common
config for people to attack--it would have to combine more than one exploit.
If you run a separate X server in the chroot (sounds like you do) then
your security would depend on vulnerabilities in the VNC client. Again,
not a likely config for exploits to run against.
More information about the LUG