On Sun, 18 May 2014 01:09:06 +0900 Joel Rees <joel.rees@gmail.com> wrote: > On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher > <sven.bartscher@weltraumschlangen.de> wrote: > > On Sat, 17 May 2014 11:44:56 +0000 > > Patrick Schleizer <adrelanos@riseup.net> wrote: > > > >> After reading the following blog post > >> > >> http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html > >> > >> it seems to me, that user account level isolation isn't very strong. > > > > A very helpful link. I wasn't aware of that problem until now. > > Is there anything I can do against this, without using two different > > users? Are there any plans on changing this behaviour? > > There are more reasons than the X11 hole to refrain from using your > admin user to surf the web. Just out of curiosity, what are these reasons? > If you are worried about needing to find answers to admin problems by > searching the web, lynx helps somewhat. But I still restrict the > places I visit with lynx while running as an admin to my search engine > site, certain subdomains of debian.org, and such. I'm not only worried about my admin account. This is still a big security-hole for non-admins. Regards Sven
Attachment:
signature.asc
Description: PGP signature