On Wed, Feb 10, 2016 at 6:17 PM, jd1008 <jd1008(a)gmail.com> wrote:
On 02/10/2016 08:24 AM, Tom H wrote:
>
> root's presumably disabled on the OP's box so rather than change this
> setup, the OP should run "visudo -f /etc/sudoers.d/maitra" after
> "chroot /fedora" (or "systemd-nspawn -D /fedora") to create the
> following line in "/etc/sudoers.d/maitra":
>
> maitra ALL=(ALL) ALL
The problem with allowing the user to be effectively root (via sudoers) is
that ubiquitous browser. I have zero faith in browsers. No, not 0, but
-infinity.
A malefic website can and does use JS to fork out processes that can sudo
whatever they want.
This is why browsers should be set to suid some user other than the
logged-in user, and having no privileges outside its own directory. This
would be like a jail.
Many of you already know how to set up such a jail.
Your malefic JS will still need the user's password to run "sudo
some_command".