On Sat, Apr 30, 2011 at 09:59:13AM -0400, Yanik Doucet wrote: > See this > > http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html > > <http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html>
So it is still a problem. -- hendrik > > On Sat, Apr 30, 2011 at 9:32 AM, Hendrik Boom <[email protected]>wrote: > > > On Sat, Apr 30, 2011 at 12:46:12AM -0400, aaron d wrote: > > > You missed the point. He was saying you can use sudo to escalate the > > > privileges of ONE graphical process, a significantly safer proposition > > than > > > logging into and entire GUI session as root, not to mention being less of > > a > > > waste of time. > > > > I was told, long ago, of the dangers of using even a root window in X. > > I was told that the X protocol allows any process with a window on an X > > server (your screen) to enter events (such as keypresses) into any other > > window. This is useful when you're tryng to provide interesting UI > > facilities. But it provides privilege escalation if the ordinary window > > happens to contain malware and teh root window is, for example, a shell > > that can do *anything*. > > > > Whether this is still possible in X I don't know. But I'd be pleasantly > > surprised it if weren't. > > > > -- hendrik > > > > > > > > It has been stated on a few wikis that the fallback option for GNOME3 is > > > only a temporary measure; they intend to have the system make the > > decision > > > for you. Again, have a look at xfce, you may like what you see. > > > > > > Aaron > > > > > > On Fri, Apr 29, 2011 at 11:27 PM, Leslie S Satenstein < > > [email protected] > > > > wrote: > > > > > > > Just for the record. When I enable the Root Access, I make certain to > > not > > > > use either any browser or email program. > > > > > > > > One thing that I find difficult to understand is this. I do a sudo > > command > > > > and what it gives me is command line access. One slip of a rm rf > > command > > > > and that file is doomed. > > > > With GUI, I have a choice to delete or more to trash. In GUI, and in > > Root, > > > > I empty trash before exiting. > > > > > > > > So far, I can truthfully say that using Root GUI for many root > > activities > > > > is safer than using sudo commands. > > > > > > > > In closing, just as the danger exists in using sudo to do root > > commands, > > > > there is a (smaller) danger in doing maintenance from the GUI > > interface. > > > > > > > > Renames, moving files from directory to directory, sorting a directory > > by > > > > date and handling older files, or sorting by type and handling those > > files > > > > is soo much easier in GUI mode. > > > > Time is money and GUI access takes less human time. > > > > > > > > *------------------ > > > > * > > > > > > > > Regards > > > > * > > > > Leslie > > > > * > > > > *Mr. Leslie Satenstein > > > > *40 years in IT and going strong. > > > > Yesterday was a good day, today is a better day, > > > > and tomorrow will be even better. > > > > > > > > mailto:[email protected] <[email protected]> > > > > alternative: [email protected] > > > > www.itbms.biz > > > > > > > > > _______________________________________________ > > > mlug mailing list > > > [email protected] > > > > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > > > _______________________________________________ > > mlug mailing list > > [email protected] > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
