From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Restricting Firefox website access
Date: Tue, 13 Jan 2009 19:33:14 +0000

On Sunday 11 January 2009, Mike Kazantsev wrote:
> If blocking every possible user is too much trouble or you wish to
> block just firefox, but not wget to http port for _all_ users (not the
> same case as emerge from root) you can write a simple SUID wrapper for
> firefox binary, which changes group to restricted one (but leaves uid
> and home unchanged),

Is this like creating a symlink to the original FF binary which you have moved
somewhere else? Can you please explain?

> then launches true firefox binary, to which only
> that group has access.

-- 
Regards,
Mick