On Fri, Nov 02, 2007 at 02:41:11PM -0400, Celejar wrote: > On Fri, 2 Nov 2007 13:19:58 -0400 > "Douglas A. Tutty" <dtutty@porchlight.ca> wrote: > > > This is a more general question to an issue that came up in another > > thread. > > > > Not to single out Iceweasel but, for example, IIUC, javascript and > > flashplayer end up running someone else's code on your computer as you. > > > > What are the security implications of this? What could a malicious > > flash or piece of javascript really do you files in your home directory? > > > > What are the security implications of this if you are also a member of > > group wheel, adm, or staff? > > I would add that many users, especially on single user machines, > probably have something like: > > username ALL = NOPASSWD: ALL > > in /etc/sudoers well, that's a problem. I don't do that on any machine, just because I want to be forced to enter a sudo password so that I think that extra thought before doing whatever it is I'm about to do. Now for specific commands? sure like NOPASSWD:/sbin/shutdown on my laptop, because that's just convenient and if someone wants to hack my lappy and shut it down, well, more power to them... A
Attachment:
signature.asc
Description: Digital signature