True 'nuff. :-)
--
Malicious program run as user can compromise system
https://bugs.launchpad.net/bugs/93964
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.c
Hi Brian,
Brian Visel [2007-11-01 19:47 -]:
> But, bottom line.. ..one shouldn't run trojans, yes. :-) Too bad my
> proverbial grandma will never get that.
That's true unfortunately. It's an entirely social problem, and we
should absolutely aim to design Ubuntu in a way that you do not
*acc
Sounds decent. I still think there's a lot that can be done for most
(or at least many) users. A rather like the idea of a
transparently-walled garden made of allowing users of a specific group
to run specific executables (a broad set) with sudo.
But, bottom line.. ..one shouldn't run trojans, y
The only way to avoid this class of exploit is to entirely separate
adminstration and desktop work to two distinct users and X servers. As
soon as you introduce *any* method of gaining administration rights into
a user desktop session, you automatically open up the possibility or
running trojans wh
Example exploit had a bug in it that I just noticed.. ..one year later,
almost.. feh. anywho, this is the example repaired. It's
uncomfortably simple. Security will need some work as Ubuntu grows.
Perhaps we could make a "Desktop User" who can (gk)su to do only
specific tasks, such as some or
Example exploit. Make executable, then run in Nautilus. Then, at
whatever point you like, run an upgrade/update/system task that requires
gksu/gksudo.
Makes two files when run as a regular user who then successfully uses
gksu/gksudo.
/tmp/compromise
/root/foo
** Attachment added: "compromisin