Am 19.03.2009 um 14:08 schrieb Christos Zoulas:
Yes, it is harder to do, but you could do the same in a chroot, or runit as another user that does not have priviledges to write anywhere but ~/.
To chroot, I need root - I think this will be just another issue then. I have to patch the program so that it drops root permissions after it chrooted. Not a good idea. I run basically everything using systrace, some of this stuff can't be even run in a chroot.
For example, my procmail is only allowed to write to the INBOX. This is not solvable by a chroot. My whole home would need to be in a chroot then.
Even my irssi and mcabber are running using systrace.I'm sorry, but chroot isn't an option and another user will always be able to write to for example /tmp or read files.
-- Jonathan
Attachment:
PGP.sig
Description: Signierter Teil der Nachricht