On 14/12/05, J.C. Roberts <[EMAIL PROTECTED]> wrote: > When you think about all the crap a graphical browser needs just to run > (fonts, mime types, library dependencies, plugins, cache, user > preferences, ...), it will probably be a major pain to chroot the beast > because you'll be duplicating tons of stuff into your chroot. At that > point, you have only gained a copy of your file system rather than any > real security. > > Worse yet many "browsers" are actually dual purpose and function as the > system file manager within the windowing environment (windows/MSIE, > KDE/konqueror, gnome/?, and so on...). If you actually manage to > successfully chroot all your browsers to prevent accidentally clicking > on a "bad" link, you suddenly don't have a file manager and have lost a > lot of usability.
I've just had the most awesome idea: chroot the entire operating system!