Destroying "only" your home directory (was Re: Newbie question on permissions)
Matthew R. Dempsky
mrd at alkemio.org
Sun Apr 2 03:07:57 UTC 2006
On Sat, Apr 01, 2006 at 06:40:00PM -0600, Michael V. De Palatis wrote:
> On Sat, Apr 01, 2006 at 04:29:19PM -0600, Matthew R. Dempsky wrote:
> > This is something that has always bugged me: privilege separation
> > between root and users is primarily desirable for system administrators
> > of multi-user machines, not single-user machines.
>
> Quite frankly, it's attitudes like these that make systems like
> Windows so insecure. Ideally, if everything works, you rarely even
> need enter the administrator password in order to change settings. So
> why should it be such a big deal to have to those few times you need
> to? It prevents you from getting screwed by accidentally running `rm
> -rf /', for example.
Sorry, maybe my point wasn't clear: I don't think privilege separation
is a bad thing, just that simply separating root from users doesn't go
anywhere near far enough, and that users aren't given enough access to
further privilege separation.
On the servers I administer, almost every service runs as its own
dedicated user with the bare minimum necessary permissions.
However, it's not practical to do similarly as a regular user on my
laptop; for example, how do I run mplayer such that I can safely watch
any movie I download online? There have been exploits in mplayer
before[1], who's to say they won't happen again?
[1] http://tigger.uic.edu/~jlongs2/holes/mplayer.txt
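As an added example (not part of the original thread, and not a recipe the poster gave), here is how the "dedicated user with the bare minimum necessary permissions" pattern from the server side can be applied to a media player on a single-user box. The account name `media`, the drop directory `/srv/media`, and the helper function names are assumptions; `useradd`, `sudo`, `env -i`, and `install` are standard Linux tools.

```shell
#!/bin/sh
# Added example: run an untrusted-media player under a dedicated,
# unprivileged account so a player exploit cannot touch your own files.
# MEDIA_USER and MEDIA_DIR are assumed names, not from the thread.
MEDIA_USER="${MEDIA_USER:-media}"
MEDIA_DIR="${MEDIA_DIR:-/srv/media}"

# One-time setup (run as root): a system account with no login shell,
# no home directory, and membership only in the groups it needs for
# audio/video output. MEDIA_DIR is readable by the media group only.
setup_media_user() {
    useradd --system --shell /usr/sbin/nologin \
        --home-dir /nonexistent --no-create-home \
        --groups audio,video "$MEDIA_USER"
    install -d -m 0750 -o root -g "$MEDIA_USER" "$MEDIA_DIR"
}

# Accept only absolute paths directly under MEDIA_DIR, with no ".."
# or "." components, so the wrapper cannot be pointed at other files.
# Returns 0 when the path is acceptable, 1 otherwise.
check_media_path() {
    case "$1" in
        "$MEDIA_DIR"/*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *"/../"*|*"/.."|*"/./"*|*"/.") return 1 ;;
    esac
    return 0
}

# Print the exact command the wrapper would execute (dry run), so the
# privilege drop and the scrubbed environment can be inspected.
media_cmd() {
    printf 'sudo -u %s env -i HOME=/nonexistent DISPLAY=%s mplayer -- %s\n' \
        "$MEDIA_USER" "${DISPLAY:-:0}" "$1"
}

# Play a file: refuse anything outside MEDIA_DIR, then switch to the
# dedicated user with an empty environment (no $HOME, no $PATH leaks).
play() {
    if ! check_media_path "$1"; then
        echo "refusing to play a path outside $MEDIA_DIR: $1" >&2
        return 1
    fi
    sudo -u "$MEDIA_USER" env -i HOME=/nonexistent \
        DISPLAY="${DISPLAY:-:0}" mplayer -- "$1"
}
```

Files dropped into `MEDIA_DIR` must be group-readable (`chmod g+r`) for the `media` account to open them. Two caveats a practitioner will hit: the dedicated user needs permission to talk to the X server (an `xhost` or `XAUTHORITY` arrangement), and X11 does not isolate clients from one another, so a compromised player can still observe other windows on the same display. The wrapper limits what the player can read and write on disk; it does not, by itself, isolate the graphics session.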