risks of using net apps as a user in wheel or adm?

To: debian-user@lists.debian.org
Subject: risks of using net apps as a user in wheel or adm?
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Fri, 2 Nov 2007 13:19:58 -0400
Message-id: <[🔎] 20071102171958.GB7681@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org

This is a more general question to an issue that came up in another
thread.

Not to single out Iceweasel but, for example, IIUC, javascript and
flashplayer end up running someone else's code on your computer as you.  

What are the security implications of this?  What could a malicious
flash or piece of javascript really do you files in your home directory?

What are the security implications of this if you are also a member of
group wheel, adm, or staff?

As for my home directory, of course it has security-sensitve info:
health info, passwords, and other private documents.

Should I have a separate user setup for just running a javascript- and
flash-enabled web browser?

I know that any software can have bugs, but I think that software that
has to keep up with features to be useable (e.g. a browser) is more
likely to be at risk of unknown exploits than more feature-stable
net-apps such as mutt, exim, ftp, or rsync.

Doug.

Reply to:

Follow-Ups:
- Re: risks of using net apps as a user in wheel or adm?
  - From: Celejar <celejar@gmail.com>

Prev by Date: Re: how to reinstall?
Next by Date: Re: resolv.conf question
Previous by thread: Re: intall nvidia driver on debian lenny
Next by thread: Re: risks of using net apps as a user in wheel or adm?
Index(es):
- Date
- Thread