chroot ;-). It is a pity that the is nothing like linux vservers for openbsd as yet ;-)
On 18/01/2008, Joachim Schipper <[EMAIL PROTECTED]> wrote: > > On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote: > > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote: > > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote: > > > > I have a box that I want to keep as secure as I can but I also need > to > > > > be able to use a graphical browser from it (I know that this is a > > > > trade-off). > > > > > > > > There is no graphical browser in base. I don't need or want this > > > > browser to do javascript or flash (I have a different box for > > > > entertainment). Of the browsers in packages, which browser would > people > > > > think is likely the most secure? > > > [snip] > > > > > > Why not create an OpenBSD live CD with the stuff you want on it? > > > > Because this box will also be my main server. For details, see a > > previous thread (I forget the title) where I'm splitting things between > > a "secure" box where anything confidential will be kept, and an > > "entertainment" box for regular browsing with javascript and, where > > required, flash. Also for watching DVDs and listening to music. > > Have you considered that > a) you need to be very careful to properly separate these environments? > (No SSH, no shared passwords, no direct access to 'confidential' data, > etc.) > b) the barrier between different users is pretty strong? Outside of some > annoying symlink race conditions, there is very little mischief one > account can do to another account that does not require gaining root in > the first place. And most insecure software, at least on OpenBSD, will > allow you to crack an account but not root > c) graphical environments don't really belong on servers? > > Anyway, good luck. I can't think of any good suggestion except > re-iterating what was said above, and noting that w3m can display > graphics in an xterm. > > Joachim > > -- > PotD: x11/gnome/audio - audio files for Gnome
