On Sun, May 18, 2014 at 1:24 AM, Sven Bartscher <[email protected]> wrote:
> On Sun, 18 May 2014 01:09:06 +0900
> Joel Rees <[email protected]> wrote:
>
>> On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher
>> <[email protected]> wrote:
>> > On Sat, 17 May 2014 11:44:56 +0000
>> > Patrick Schleizer <[email protected]> wrote:
>> >
>> >> After reading the following blog post
>> >>
>> >> http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html
>> >>
>> >> it seems to me, that user account level isolation isn't very strong.
>> >
>> > A very helpful link. I wasn't aware of that problem until now.
>> > Is there anything I can do against this, without using two different
>> > users? Are there any plans on changing this behaviour?
>>
>> There are more reasons than the X11 hole to refrain from using your
>> admin user to surf the web.
>
> Just out of curiosity, what are these reasons?

Your browser and any plugins, addons, etc. that it loads, including
java, flash, java/ecmascript, and, well, any scripting language the
browser can be running, for starters.

Shoot, if my memory serves me, I seem to remember a class of
vulnerabilities that has never really been answered, involving pushing
keyboard loggers into the keyboard controller itself.

>> If you are worried about needing to find answers to admin problems by
>> searching the web, lynx helps somewhat. But I still restrict the
>> places I visit with lynx while running as an admin to my search engine
>> site, certain subdomains of debian.org, and such.
>
> I'm not only worried about my admin account.
> This is still a big security-hole for non-admins.

The web is not safe.

If you do internet banking, at least make a separate, dedicated
account for that, too.

And if you go places where maybe you should not let you go, re-think
your reasons for going.

I get a lot of flack for such suggestions, but I'm not going to tell
you soft stories.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

