> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Simon Morgan > Sent: Wednesday, December 14, 2005 2:32 PM > To: J.C. Roberts > Cc: misc@openbsd.org > Subject: Re: browser security > > On 14/12/05, J.C. Roberts <[EMAIL PROTECTED]> wrote: > > When you think about all the crap a graphical browser needs just to run > > (fonts, mime types, library dependencies, plugins, cache, user > > preferences, ...), it will probably be a major pain to chroot the beast > > because you'll be duplicating tons of stuff into your chroot. At that > > point, you have only gained a copy of your file system rather than any > > real security. > > > > Worse yet many "browsers" are actually dual purpose and function as the > > system file manager within the windowing environment (windows/MSIE, > > KDE/konqueror, gnome/?, and so on...). If you actually manage to > > successfully chroot all your browsers to prevent accidentally clicking > > on a "bad" link, you suddenly don't have a file manager and have lost a > > lot of usability. > > I've just had the most awesome idea: chroot the entire operating system!
Here you go: http://cisx1.uma.maine.edu/~wbackman/vmware-images/ OpenBSD 3.8 default install image for the free VMWare player. Of course, it only includes the lynx web browser, but it is hard to get more secure than that!
