On Wed, Feb 10, 2016 at 6:17 PM, jd1008 <jd1008@xxxxxxxxx> wrote: > On 02/10/2016 08:24 AM, Tom H wrote: >> >> root's presumably disabled on the OP's box so rather than change this >> setup, the OP should run "visudo -f /etc/sudoers.d/maitra" after >> "chroot /fedora" (or "systemd-nspawn -D /fedora") to create the >> following line in "/etc/sudoers.d/maitra": >> >> maitra ALL=(ALL) ALL > > The problem with allowing the user to be effectively root (via sudoers) is > that > ubiquotous browser. I have zero faith in browsers. No, not 0, but -infinity > . > A malefic website can and does user JS to fork out processes that can sudo > whatever they want. > This is why broswers should be set to suid some user other than the > logged-in user, > and having no privileges outside it's own directory. This would be like a > jail. > Many of you already know how to set up such a jail. Your malefic JS will still need the user's password to run "sudo some_command". -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org