Hi. On Wed, 25 Dec 2013 07:33:53 +0100 Ralf Mardorf <ralf.mard...@alice-dsl.net> wrote:
> On Wed, 2013-12-25 at 10:15 +0400, Reco wrote: > > b) That sneaky sandbox user can override firefox with something > > like /home/user9-boxed/bin/firefox, which is bad. > > Here we are again ;). > > Using a profile, supported by firefox, is the easiest and securest way. An ability to read and write an arbitrary file in user's $HOME cannot be called 'secure'. And even if I'd trust browser (firefox is a free software, after all), there is a matter of plugins. > > I only use another user, instead of a profile, if I need a password, > e.g. to make a history including adult content unavailable for kids. And that assumes you're keeping browsing history. Why people are doin' this is something that I can never understand. Still, even if we disregard this 'browsing history' topic, there is a matter of online advertisement, which is known to show banners based on a user habits. And IMO not all children should see all these banners. > > If you care for security, this is one reason to prefer profiles. If I'd care for security that much, I'd use LXC for running a browser. Since I'm lazy, I just use a couple of accounts. > > Btw. somebody on this list once called it a sledgehammer and I agree, > but if I don't use a profile, but another user then I don't care: > > xhost + > gksudo -u chuser "$*" > xhost - > exit > > I still don't understand what's bad with using profiles. A profile > doesn't have any drawback. See above. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131225110526.16137e81dbcdca35fcd68...@gmail.com
