Re: Debians security features in comparison to Ubuntu

On Sun, May 18, 2014 at 1:24 AM, Sven Bartscher
<sven.bartscher@weltraumschlangen.de> wrote:
> On Sun, 18 May 2014 01:09:06 +0900
> Joel Rees <joel.rees@gmail.com> wrote:
>> On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher
>> <sven.bartscher@weltraumschlangen.de> wrote:
>> > On Sat, 17 May 2014 11:44:56 +0000
>> > Patrick Schleizer <adrelanos@riseup.net> wrote:
>> >
>> >> After reading the following blog post
>> >>
>> >> http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html
>> >>
>> >> it seems to me, that user account level isolation isn't very strong.
>> >
>> > A very helpful link. I wasn't aware of that problem until now.
>> > Is there anything I can do against this, without using two different
>> > users? Are there any plans on changing this behaviour?
>> There are more reasons than the X11 hole to refrain from using your
>> admin user to surf the web.
> Just out of curiosity, what are these reasons?

Your browser and any plugins, addons, etc. that it loads, including
java, flash, java/ecmascript, and, well, any scripting language the
browser can be running, for starters.

Shoot, if my memory serves me, I seem to remember a class of
vulnerabilities that has never really been answered, involving pushing
keyboard loggers into the keyboard controller itself.

>> If you are worried about needing to find answers to admin problems by
>> searching the web, lynx helps somewhat. But I still restrict the
>> places I visit with lynx while running as an admin to my search engine
>> site, certain subdomains of debian.org, and such.
> I'm not only worried about my admin account.
> This is still a big security-hole for non-admins.

The web is not safe. If you do internet banking, at least make a
separate, dedicated account for that, too. And if you go places where
maybe you should not let you go, re-think your reasons for going.

I get a lot of flack for such suggestions, but I'm not going to tell
you soft stories.

Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.