[plug] /dev/null settings

Christian christian at amnet.net.au
Mon Aug 28 10:48:27 WST 2000


On Mon, Aug 28, 2000 at 10:40:40AM +0800, Shackleton, Kevin wrote:
> Christian,
> 
> Are you saying 'bad idea' because Netscape can't be trusted with the system,
> or the usual precautions about helping the user to not trash the system?

Aren't they both the same thing?  The general rule of thumb is "don't do
things as root that you can possibly do as an ordinary user."  If
Netscape crashes and tries to start writing random data to disk then, as
root, the consequences could be horrific.  As an ordinary user, you
might not even notice.  This is just one simple example.  Yet another
example (and probably more what I was referring to) was the huge
security risk that running Netscape as root entails.  Wasn't there a
buffer overflow in Netscape's JPEG renderer recently?  What about all
those nasty JavaScript bugs?  There's a million and one possibilities
(all of them nasty) from running Netscape as root but it all goes back
to the general rule: don't work as root unless you absolutely have to.


