
Re: Debians security features in comparison to Ubuntu



On Sun, May 18, 2014 at 1:24 AM, Sven Bartscher
<sven.bartscher@weltraumschlangen.de> wrote:
> On Sun, 18 May 2014 01:09:06 +0900
> Joel Rees <joel.rees@gmail.com> wrote:
>
>> On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher
>> <sven.bartscher@weltraumschlangen.de> wrote:
>> > On Sat, 17 May 2014 11:44:56 +0000
>> > Patrick Schleizer <adrelanos@riseup.net> wrote:
>> >
>> >> After reading the following blog post
>> >>
>> >> http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html
>> >>
>> >> it seems to me, that user account level isolation isn't very strong.
>> >
>> > A very helpful link. I wasn't aware of that problem until now.
>> > Is there anything I can do against this, without using two different
>> > users? Are there any plans on changing this behaviour?
>>
>> There are more reasons than the X11 hole to refrain from using your
>> admin user to surf the web.
>
> Just out of curiosity, what are these reasons?

Your browser and any plugins, addons, etc. that it loads, including
java, flash, java/ecmascript, and, well, any scripting language the
browser can be running, for starters.

Shoot, if my memory serves me, I seem to remember a class of
vulnerabilities that has never really been answered, involving pushing
keyboard loggers into the keyboard controller itself.

>> If you are worried about needing to find answers to admin problems by
>> searching the web, lynx helps somewhat. But I still restrict the
>> places I visit with lynx while running as an admin to my search engine
>> site, certain subdomains of debian.org, and such.
>
> I'm not only worried about my admin account.
> This is still a big security-hole for non-admins.

The web is not safe. If you do internet banking, at least make a
separate, dedicated account for that, too. And if you go places where
maybe you should not let yourself go, re-think your reasons for going.

I get a lot of flack for such suggestions, but I'm not going to tell
you soft stories.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

