On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote:
> On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> > > I have a box that I want to keep as secure as I can but I also need to
> > > be able to use a graphical browser from it (I know that this is a
> > > trade-off).
> > >
> > > There is no graphical browser in base. I don't need or want this
> > > browser to do javascript or flash (I have a different box for
> > > entertainment). Of the browsers in packages, which browser would people
> > > think is likely the most secure?
> > [snip]
> >
> > Why not create an OpenBSD live CD with the stuff you want on it?
>
> Because this box will also be my main server. For details, see a
> previous thread (I forget the title) where I'm splitting things between
> a "secure" box where anything confidential will be kept, and an
> "entertainment" box for regular browsing with javascript and, where
> required, flash. Also for watching DVDs and listening to music.
Have you considered that
a) you need to be very careful to properly separate these environments?
(No SSH, no shared passwords, no direct access to 'confidential' data,
etc.)
b) the barrier between different users is pretty strong? Outside of some
annoying symlink race conditions, there is very little mischief one
account can do to another account that does not require gaining root in
the first place. And most insecure software, at least on OpenBSD, will
allow you to crack an account but not root
c) graphical environments don't really belong on servers?
Anyway, good luck. I can't think of any good suggestion except
re-iterating what was said above, and noting that w3m can display
graphics in an xterm.
Joachim
--
PotD: x11/gnome/audio - audio files for Gnome
