Re: Debians security features in comparison to Ubuntu
On Sun, May 18, 2014 at 1:24 AM, Sven Bartscher
> On Sun, 18 May 2014 01:09:06 +0900
> Joel Rees <email@example.com> wrote:
>> On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher
>> <firstname.lastname@example.org> wrote:
>> > On Sat, 17 May 2014 11:44:56 +0000
>> > Patrick Schleizer <email@example.com> wrote:
>> >> After reading the following blog post
>> >> http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html
>> >> it seems to me that user account level isolation isn't very strong.
>> > A very helpful link. I wasn't aware of that problem until now.
>> > Is there anything I can do against this, without using two different
>> > users? Are there any plans on changing this behaviour?
>> There are more reasons than the X11 hole to refrain from using your
>> admin user to surf the web.
> Just out of curiosity, what are these reasons?

Your browser and any plugins, addons, etc. that it loads, including
java, flash, java/ecmascript, and, well, any scripting language the
browser can be running, for starters.

Shoot, if my memory serves me, I seem to remember a class of
vulnerabilities that has never really been answered, involving pushing
keyboard loggers into the keyboard controller itself.

>> If you are worried about needing to find answers to admin problems by
>> searching the web, lynx helps somewhat. But I still restrict the
>> places I visit with lynx while running as an admin to my search engine
>> site, certain subdomains of debian.org, and such.
> I'm not only worried about my admin account.
> This is still a big security hole for non-admins.

The web is not safe. If you do internet banking, at least make a
separate, dedicated account for that, too. And if you go places where
maybe you should not let yourself go, re-think your reasons for going.

I get a lot of flak for such suggestions, but I'm not going to tell
you soft stories.

Be careful where you see conspiracy.
Look first in your own heart.