[MLUG] Fedora 15 ideosynchracies.

Hendrik Boom hendrik at topoi.pooq.com
Sat Apr 30 09:32:41 EDT 2011 

On Sat, Apr 30, 2011 at 12:46:12AM -0400, aaron d wrote:
> You missed the point. He was saying you can use sudo to escalate the
> privileges of ONE graphical process, a significantly safer proposition than
> logging into and entire GUI session as root, not to mention being less of a
> waste of time.

I was told, long ago, of the dangers of using even a root window in X.  
I was told that the X protocol allows any process with a window on an X 
server (your screen) to enter events (such as keypresses) into any other 
window.  This is useful when you're tryng to provide interesting UI 
facilities.  But it provides privilege escalation if the ordinary window 
happens to contain malware and teh root window is, for example, a shell 
that can do *anything*.  

Whether this is still possible in X I don't know.  But I'd be pleasantly 
surprised it if weren't.

-- hendrik

> 
> It has been stated on a few wikis that the fallback option for GNOME3 is
> only a temporary measure; they intend to have the system make the decision
> for you. Again, have a look at xfce, you may like what you see.
> 
> Aaron
> 
> On Fri, Apr 29, 2011 at 11:27 PM, Leslie S Satenstein <lsatenstein at yahoo.com
> > wrote:
> 
> > Just for the record. When I enable the Root Access, I make certain to not
> > use either any browser or email program.
> >
> > One thing that I find difficult to understand is this.  I do a sudo command
> > and what it gives me is command line access.  One slip of a rm rf command
> > and that file is doomed.
> > With GUI, I have a choice to delete or more to trash.  In GUI, and in Root,
> > I empty trash before exiting.
> >
> > So far, I can truthfully say that using Root GUI for many root activities
> > is safer than using sudo commands.
> >
> > In closing, just as the danger exists in using sudo to do root commands,
> > there is a (smaller) danger in doing maintenance from the GUI interface.
> >
> > Renames, moving files from directory to directory, sorting a directory by
> > date and handling older files, or sorting by type and handling those files
> > is soo much easier in GUI mode.
> > Time is money and GUI access takes less human time.
> >
> > *------------------
> > *
> >
> > Regards
> >  *
> >  Leslie
> > *
> > *Mr. Leslie Satenstein
> > *40 years in IT and going strong.
> > Yesterday was a good day, today is a better day,
> > and tomorrow will be even better.
> >
> > mailto:lsatenstein at yahoo.com <lsatenstein at yahoo.com>
> > alternative: leslie.satenstein at itbms.biz
> > www.itbms.biz
> >

> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

More information about the mlug mailing list