[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Dedicated admin account (was Re: Debians security features in comparison to Ubuntu)

On Sun, May 18, 2014 at 1:50 AM, Sven Bartscher
<sven.bartscher@weltraumschlangen.de> wrote:
> On Sun, 18 May 2014 01:36:44 +0900
> Joel Rees <joel.rees@gmail.com> wrote:
>
>> >> There are more reasons than the X11 hole to refrain from using your
>> >> admin user to surf the web.
>> >
>> > Just out of curiosity, what are these reasons?
>>
>> Your browser and any plugins, addons, etc. that it loads, including
>> java, flash, java/ecmascript, and, well, any scripting language the
>> browser can be running, for starters.
>>
>> Shoot, if my memory serves me, I seem to remember a class of
>> vulnerabilities that has never really been answered, involving pushing
>> keyboard loggers into the keyboard controller itself.
>>
>> >> If you are worried about needing to find answers to admin problems by
>> >> searching the web, lynx helps somewhat. But I still restrict the
>> >> places I visit with lynx while running as an admin to my search engine
>> >> site, certain subdomains of debian.org, and such.
>> >
>> > I'm not only worried about my admin account.
>> > This is still a big security-hole for non-admins.
>>
>> The web is not safe. If you do internet banking, at least make a
>> separate, dedicated account for that, too. And if you go places where
>> maybe you should not let you go, re-think your reasons for going.
>
> So basically I would need one account for surfing, one for
> online-banking, ssh(-agent) and other important stuff and an
> admin-account. Some accounts I missed?
>
> I know that's not gonna help, but I fell like there should be a better
> way to isolate processes.

There are some experiments in sandboxing in the browser, other, more
general experiments in sandboxing apps in general. Somebody mentioned
Qube or some such.

Openbsd is partially mitigating the X11 hole with some interesting stuff.

I have a poor-man's sandbox that I blogged about several years back,
but I got it wrong relative to X11, if I remember right. I suppose I
should do some testing and update my blog, but nobody's read that post
in the last year, I think. But that method, involving sudo, does, at
least, isolate the javascript code and the cookies.

If you have a million dollars to front a project for the next three
years and feed me and my family and about ten developers, I might be
able to produce a Linux or BSD derivative that allows you to log in as
one user and fire up ephemeral users for tasks. The bulk of the
development is going to go into isolating the video buffers, I think.
And the resulting video will be slow, probably won't be able to use
most of the current hardware acceleration.

I jest. I have other things I want to do.

Cheaper and quicker to just get used to separating what you do and how
you log in.

Well, xen or one of the other VMs might help. But I'm not sure even
those will properly isolate the video buffers to avoid
screen-scraping.

> PS: Please don't CC me

Sorry about that. I usually remember to delete the sender. Too lazy to
set up a proper MUA for mailing list access.

-- 
Joel Rees

Computer memory is just fancy paper,
the cpu and i/o are just fancy pens.
This is not the magic you are looking for.
Reply to: