
Re: Accounts for client programs



On Sun, Jun 29, 2003 at 02:43:46PM +0200, Robert Vazan wrote:

> Is it possible to run all programs including clients (browser, mp3
> player, compiler, ...) under separate accounts just like servers? Would
> it be possible to add this as an option when installing the system?
> 
> The problem I have there: I am a developer (but not a Debian developer) and
> I have full write access to binaries that I compile. Now if I exchange
> binaries with other developers, this creates an environment for viruses,
> doesn't it?
> 
> Is the game with accounts useful for something? If so, why is there so
> much panic about "run as few services as possible"? Let's say I don't
> care about halting and damage (as far as I know who did it), I care
> about data changes and reprogramming. Do accounts suffice?

I actually do this, and have been since I was running Slackware 2.2.
It takes some scripting and moving things around, but I run X as root and
run each application (mozilla, etc.) as its own user.  I also have a
general "sim" for email and ident-aware things such as IRC.  It probably
only really works in specific situations such as mine and it probably
makes it far too easy to be lazy and run things as root, but I like to
think I've saved a few years of my life not typing "su" and entering my
root password every five seconds.

It all started because I quite often want to run something I don't really
trust, be it a binary, some source which could easily have something
unexpected, or even my own code.  A few times now I've thought about
writing something to dynamically create a new user so that I can prod at
an application without it having write access to any of my other files
(but I usually end up just using a user I don't do much else with).

It's probably possible for something to overflow an X packet or something
in the middle and obtain root by opening a new shell and issuing
commands, or maybe it's even possible for X clients to fake keystrokes to
other windows, but most of the stuff I run is text-only anyway.

Simon-
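
Added example, not part of the original message: one way to script the "dynamically create a new user" idea mentioned above, as a POSIX shell function. It assumes Linux with `useradd`/`userdel` (shadow), `runuser` (util-linux), `pkill` (procps) and `/usr/sbin/nologin`; the `sbx` account prefix, the `/var/tmp` home and the `DRY_RUN` switch are hypothetical choices made for this sketch.

```shell
#!/bin/sh
# Added example. Assumes Linux with useradd/userdel (shadow), runuser
# (util-linux), pkill (procps) and /usr/sbin/nologin; real runs need root.
# DRY_RUN=1 prints each step instead of executing it.

step() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# run_as_throwaway CMD [ARGS...]   (CMD: absolute path or found on PATH)
# The body is a subshell, so the cd and variables do not leak to the caller.
run_as_throwaway() (
    if [ "$#" -lt 1 ]; then
        echo "usage: run_as_throwaway CMD [ARGS...]" >&2
        exit 2
    fi
    if [ "${DRY_RUN:-0}" != 1 ] && [ "$(id -u)" -ne 0 ]; then
        echo "run_as_throwaway: must be run as root" >&2
        exit 1
    fi
    user="sbx$$"            # hypothetical naming scheme: "sbx" + shell PID
    home="/var/tmp/$user"   # hypothetical location for the private home

    # -U: own group, so the account shares no group with your other users;
    # -m: fresh home; the password is locked by default, so no logins.
    step useradd -U -m -d "$home" -s /usr/sbin/nologin "$user" || exit 1
    step chmod 700 "$home"
    step cd "$home" || exit 1

    # env -i drops root's environment; runuser -u execs CMD directly.
    rc=0
    step runuser -u "$user" -- env -i HOME="$home" PATH=/usr/bin:/bin "$@" || rc=$?

    # Kill stragglers before deleting, or they keep running under a UID
    # that a later account may be given.
    step pkill -KILL -u "$user" || true
    step userdel -r "$user"
    exit "$rc"
)
```

The throwaway account can still read world-readable files and write to world-writable locations such as /tmp, and files it leaves outside its home survive `userdel -r`. It gets no access to the X display, so this covers text-only programs.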


