Re: risks of using net apps as a user in wheel or adm?

To: debian-user@lists.debian.org
Subject: Re: risks of using net apps as a user in wheel or adm?
From: Celejar <celejar@gmail.com>
Date: Fri, 2 Nov 2007 14:41:11 -0400
Message-id: <[🔎] 20071102144111.bcee0e52.celejar@gmail.com>
In-reply-to: <[🔎] 20071102171958.GB7681@titan.hooton>
References: <[🔎] 20071102171958.GB7681@titan.hooton>

On Fri, 2 Nov 2007 13:19:58 -0400
"Douglas A. Tutty" <dtutty@porchlight.ca> wrote:

> This is a more general question to an issue that came up in another
> thread.
> 
> Not to single out Iceweasel but, for example, IIUC, javascript and
> flashplayer end up running someone else's code on your computer as you.  
> 
> What are the security implications of this?  What could a malicious
> flash or piece of javascript really do you files in your home directory?
> 
> What are the security implications of this if you are also a member of
> group wheel, adm, or staff?

I would add that many users, especially on single user machines,
probably have something like:

username ALL = NOPASSWD: ALL

in /etc/sudoers

> Doug.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

Follow-Ups:
- Re: risks of using net apps as a user in wheel or adm?
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

References:
- risks of using net apps as a user in wheel or adm?
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>

Prev by Date: Re: resolv.conf question
Next by Date: Re: how to reinstall?
Previous by thread: risks of using net apps as a user in wheel or adm?
Next by thread: Re: risks of using net apps as a user in wheel or adm?
Index(es):
- Date
- Thread