Dan-
You might try something like:
su - unprivileged_user_id -c netscape
This is not quite as good as chroot but at least keeps them from overwriting
files.
Of course the real fix is for Foxboro to modify their software so it doesn't
have to run as root.....
Corey Clingo
Sr. Engineer
BASF Corporation
"Karppi, Dan" <[EMAIL PROTECTED]> on 03/09/2001 11:33:45 AM
Please respond to Foxboro DCS Mail List <[EMAIL PROTECTED]>
To: 'Foxboro DCS Mail List' <Foxboro
cc:
Subject: RE: Helpfile Viewer
Dave and Tim,
I have already installed and am using Netscape Navigator 4.72 for Solaris
2.5.1 and it does the job. Only one major problem with it is that the
entire Solaris file system is not secure. The user can surf through the
entire file system by entering "/" in the location bar and then browsing
from the root directory. Also by using the FILE...SAVE_AS function from the
menu bar, the user can overwrite any writable file with the contents of the
displayed HTML page. This is because Netscape is running as root. I've
tried to secure it by 'chroot'ing Netscape but haven't been successful.
Windows versions of Netscape are capable of running in a "Kiosk" mode where
the toolbars and hot keys can be disabled but unfortunately this is not yet
available in UNIX versions. I was hoping to find an easier way of displaying
our help files or maybe you have already found a solution to Netscape's
security problem. Any other ideas would be appreciated.
Dan
-----------------------------------------------------------------------
This list is neither sponsored nor endorsed by the Foxboro Company. All
postings from this list are the work of list subscribers and no warranty
is made or implied as to the accuracy of any information disseminated
through this medium. By subscribing to this list you agree to hold the
list sponsor(s) blameless for any and all mishaps which might occur due to
your application of information received from this mailing list.
To be removed from this list, send mail to
[EMAIL PROTECTED]
with "unsubscribe foxboro" in the Subject. Or, send any mail to
[EMAIL PROTECTED]
