(I was hoping someone else would take the time to explain this.)

On Mon, Apr 11, 2011 at 12:42 PM, suvayu ali
<fatkasuvayu+li...@gmail.com> wrote:
> On Sun, Apr 10, 2011 at 7:04 PM, Joel Rees <joel.r...@gmail.com> wrote:
>> This is not to be mean to the other users. It's to protect the other
>> users from the vulnerabilities in flash. If flash is installed
>> globally (the usual thing that happens when you use the rpm package),
>> all users become vulnerable. Including that administrator account that
>> you never use to get on the web, except to fedoraproject.org and other
>> places where you need to read the manuals, etc.
>
> I don't think this is correct. Permissions for plugins are not setuid.

setuid is not really relevant to this particular question.

> So as long as the call to load the library is done as a regular user
> (as in, you don't surf the Internet as root),

Sure, you don't surf the web as root. I don't surf the web as root.
Nor do we surf the web as a user capable of raising privilege
temporarily via sudo.

And we always su (if we do use su to do administrative tasks) from
users that we never surf the web from, right? You understand why?

And we have a dedicated user for downloading live CD and install CD
images, Oracle's Java (if we need that) and (ahem) Adobe's Flash,
getting on-line to paypal or your bank, etc.

Right?

Does that explain why I'm saying you don't want Flash loading every
time you run your web browser as any user?

> vulnerabilities in the
> plugin can _only_ affect the regular user.

There are many paths to exploits besides things directly running in
the instance of the web server (with plugins) which you are currently
running. Tricks like leaving keyloggers and trojans behind, in places
where they get executed the next time you log in instead of now.

So a Flash exploit lets the bad guys leave a keylogger in your surfing
account. That's not good (and in some senses it's a ticking time
bomb), but at least it isn't as bad as it could be.

Joel Rees
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
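The persistence risk Joel describes above (something left behind in the browsing account that runs again at the next login), as an added example that is not part of the thread: a small POSIX shell audit that records digests of the login-time files in a home directory and reports any that were added, removed or changed. The file list and the autostart directory are assumptions; adjust them to the shell and desktop actually in use.

```shell
#!/bin/sh
# Baseline-and-compare check for the files a login shell or desktop session
# runs automatically: the places an implant dropped into a browsing account
# would be parked so that it runs again at the next login.
# Added example, not from the thread. The file list is an assumption; adjust
# LOGIN_FILES and AUTOSTART_DIR to the shell and desktop actually in use.

LOGIN_FILES=".bashrc .bash_profile .profile .xsession .xinitrc"
AUTOSTART_DIR=".config/autostart"

# SHA-256 of a file, using whichever tool the host provides.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# Print "digest path" for every login-time file under home directory $1,
# sorted by path so that two runs are directly comparable.
login_file_digests() {
    {
        for f in $LOGIN_FILES; do
            [ -f "$1/$f" ] && digest "$1/$f"
        done
        [ -d "$1/$AUTOSTART_DIR" ] &&
            find "$1/$AUTOSTART_DIR" -type f |
            while IFS= read -r p; do digest "$p"; done
        true
    } | sort -k2
}

# Save the digests of home directory $1 into baseline file $2.
record_baseline() {
    login_file_digests "$1" > "$2"
}

# Compare home directory $1 against baseline $2. Returns 0 when nothing
# changed, 1 when a login-time file was added, removed or modified, and
# prints the differing entries so that they can be inspected.
check_against_baseline() {
    tmp=$(mktemp)
    login_file_digests "$1" > "$tmp"
    if cmp -s "$2" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    echo "login-time files changed since baseline:"
    diff "$2" "$tmp" | grep '^[<>]' || true
    rm -f "$tmp"
    return 1
}
```

Run `record_baseline "$HOME" ~/.login-baseline` from a known-clean state, then `check_against_baseline "$HOME" ~/.login-baseline` after each browsing session; a non-zero exit means something in that account's login path changed.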
