[nSLUG] Re: Help? libstdc++ question/confusion

Mike Spencer mspencer at tallships.ca
Fri Jan 16 00:12:53 AST 2009


Just starting, at 9:00pm, to figure out all the advice y'all have
given me.  But a couple of tangential points:

> - enter chroot
>   sudo chroot /slackware10 su <your_username> -
>
> Don't forget the dash after the username.

Don't you mean "su - <username>", to get full shift to username's
login process & environment?  That's what my manpage says.  But thanks
for mentioning it.  I didn't know about the '-' arg and it solves the
previously perpetual annoyance that su to root (sans '-') doesn't
execute root's own alias and login files.

> I know you like Netscape 4.7 but have you considered how many known
> exploitable bugs are in it? Running older software that accesses the
> internet is risky.

Well, I'm largely flying by guess & by golly.  Navigator doesn't have
mail/news/etc. capabilities so it can't send mail at the behest of
some malicious HTML or packets to port 80.

I typically have images, Java, javascript and cookies disabled.
Although I "accept" certs when proffered, I never do anything via a web
connection for which (AFAIK) their validity or correct handling
matters: no banking, shopping, tax forms, gov't forms, securities
trading or the like.

As far as I can see, NN 4.76 doesn't support <IFRAME.... so nothing
bad gets snuck in that way.  I'm running Linux (obviously? :-) so ActiveX
and  *.EXEs, however cleverly inserted, don't do anything.


So what "exploitable bugs" are a threat?



The greatest disadvantages are:

   + A tendency, on some particularly complicated pages, to shingle off
     into the fog and lock up X.  Memory leak?  Whatever, it doesn't
     happen too often, usually I can see it coming and get out before
     lockup. And a very occasional page where it just goes poof and
     vanishes. 

   + Inability to handle current versions of js when I *do* want to
     enable it.

But of course I have Firefox as a backup when I really, really want to
look at one of those horrible mare's nests of code and markup that
most corporate sites are.


I'm checking out NN 4.79 before I hack around much more with
libraries.  It's alleged to have fixed some 4.76 bugs anyhow.
Now I have to wait for a boring d/l over dialup.


huuummmmmmmmmmmmmmmmmmmm....


- Mike




More information about the nSLUG mailing list