Re: Security hole in LXDE?

To: debian-user@lists.debian.org
Subject: Re: Security hole in LXDE?
From: <tomas@tuxteam.de>
Date: Thu, 2 Mar 2017 21:18:38 +0100
Message-id: <[🔎] 20170302201838.GA7561@tuxteam.de>
In-reply-to: <[🔎] 1857514.Amd6fi56zX@protheus1>
References: <7419461.KfDLPVJcsL@protheus1> <[🔎] 5578378.u6O0tEx47v@protheus1> <[🔎] 20170302131259.GA23864@tuxteam.de> <[🔎] 1857514.Amd6fi56zX@protheus1>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 02, 2017 at 02:32:19PM +0100, Hans wrote:

[snip snip]

OK, given your answers, the recommended path would be to remove your
user (hans) from group sudo, perhaps so:

  deluser hans sudo

(you've to be root for that, perhaps with -ahem- sudo ;-)

and then see whether the system behaves as you expect. You can change
things back with

  adduser hans sudo

(this time not with sudo, heh).

Note that sudo is pretty useful in other situations: you can specify
that users get sudo powers only for specific programs: that would e.g.
allow regular users to invoke a backup even if they aren't allowed to
read the files they back up. Careful planning is a good idea, since
if (to keep with the example) they have access to the backup medium
they would be able to read the files anyway -- or worse.

Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli4fh4ACgkQBcgs9XrR2kYN5gCaAk7PblG3qf+LoMHzldB9Mz8x
N9oAn3xgOJzWcEEugWFQsGu3ejhp6UEd
=TbB6
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: Security hole in LXDE?
  - From: Hans <hans.ullrich@loop.de>
- Re: Security hole in LXDE?
  - From: <tomas@tuxteam.de>
- Re: Security hole in LXDE?
  - From: Hans <hans.ullrich@loop.de>

Prev by Date: Re: CD Audio - sometimes provided as vfs by the kernel?
Next by Date: Re: Security hole in LXDE?
Previous by thread: Re: Security hole in LXDE?
Next by thread: Re: Security hole in LXDE?
Index(es):
- Date
- Thread