On 14/12/05, J.C. Roberts <[EMAIL PROTECTED]> wrote:
> When you think about all the crap a graphical browser needs just to run
> (fonts, mime types, library dependencies, plugins, cache, user
> preferences, ...), it will probably be a major pain to chroot the beast
> because you'll be duplicating tons of stuff into your chroot. At that
> point, you have only gained a copy of your file system rather than any
> real security.
>
> Worse yet many "browsers" are actually dual purpose and function as the
> system file manager within the windowing environment (windows/MSIE,
> KDE/konqueror, gnome/?, and so on...). If you actually manage to
> successfully chroot all your browsers to prevent accidentally clicking
> on a "bad" link, you suddenly don't have a file manager and have lost a
> lot of usability.

I've just had the most awesome idea: chroot the entire operating system!

Reply via email to