[MLUG] Fedora 15 ideosynchracies.

Sat Apr 30 09:59:13 EDT 2011

See this

http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

<http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html>

On Sat, Apr 30, 2011 at 9:32 AM, Hendrik Boom <hendrik at topoi.pooq.com>wrote:

> On Sat, Apr 30, 2011 at 12:46:12AM -0400, aaron d wrote:
> > You missed the point. He was saying you can use sudo to escalate the
> > privileges of ONE graphical process, a significantly safer proposition
> than
> > logging into and entire GUI session as root, not to mention being less of
> a
> > waste of time.
>
> I was told, long ago, of the dangers of using even a root window in X.
> I was told that the X protocol allows any process with a window on an X
> server (your screen) to enter events (such as keypresses) into any other
> window.  This is useful when you're tryng to provide interesting UI
> facilities.  But it provides privilege escalation if the ordinary window
> happens to contain malware and teh root window is, for example, a shell
> that can do *anything*.
>
> Whether this is still possible in X I don't know.  But I'd be pleasantly
> surprised it if weren't.
>
> -- hendrik
>
> >
> > It has been stated on a few wikis that the fallback option for GNOME3 is
> > only a temporary measure; they intend to have the system make the
> decision
> > for you. Again, have a look at xfce, you may like what you see.
> >
> > Aaron
> >
> > On Fri, Apr 29, 2011 at 11:27 PM, Leslie S Satenstein <
> lsatenstein at yahoo.com
> > > wrote:
> >
> > > Just for the record. When I enable the Root Access, I make certain to
> not
> > > use either any browser or email program.
> > >
> > > One thing that I find difficult to understand is this.  I do a sudo
> command
> > > and what it gives me is command line access.  One slip of a rm rf
> command
> > > and that file is doomed.
> > > With GUI, I have a choice to delete or more to trash.  In GUI, and in
> Root,
> > > I empty trash before exiting.
> > >
> > > So far, I can truthfully say that using Root GUI for many root
> activities
> > > is safer than using sudo commands.
> > >
> > > In closing, just as the danger exists in using sudo to do root
> commands,
> > > there is a (smaller) danger in doing maintenance from the GUI
> interface.
> > >
> > > Renames, moving files from directory to directory, sorting a directory
> by
> > > date and handling older files, or sorting by type and handling those
> files
> > > is soo much easier in GUI mode.
> > > Time is money and GUI access takes less human time.
> > >
> > > *------------------
> > > *
> > >
> > > Regards
> > >  *
> > >  Leslie
> > > *
> > > *Mr. Leslie Satenstein
> > > *40 years in IT and going strong.
> > > Yesterday was a good day, today is a better day,
> > > and tomorrow will be even better.
> > >
> > > mailto:lsatenstein at yahoo.com <lsatenstein at yahoo.com>
> > > alternative: leslie.satenstein at itbms.biz
> > > www.itbms.biz
> > >
>
> > _______________________________________________
> > mlug mailing list
> > mlug at listserv.mlug.ca
> >
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>
> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mlug-listserv.mlug.ca/attachments/20110430/ca592fa7/attachment.htm>