[MLUG] Fedora 15 ideosynchracies.

Hendrik Boom hendrik at topoi.pooq.com
Sat Apr 30 11:33:17 EDT 2011 

On Sat, Apr 30, 2011 at 09:59:13AM -0400, Yanik Doucet wrote:
> See this
> 
> http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
> 
> <http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html>

So it is still a problem.

-- hendrik

> 
> On Sat, Apr 30, 2011 at 9:32 AM, Hendrik Boom <hendrik at topoi.pooq.com>wrote:
> 
> > On Sat, Apr 30, 2011 at 12:46:12AM -0400, aaron d wrote:
> > > You missed the point. He was saying you can use sudo to escalate the
> > > privileges of ONE graphical process, a significantly safer proposition
> > than
> > > logging into and entire GUI session as root, not to mention being less of
> > a
> > > waste of time.
> >
> > I was told, long ago, of the dangers of using even a root window in X.
> > I was told that the X protocol allows any process with a window on an X
> > server (your screen) to enter events (such as keypresses) into any other
> > window.  This is useful when you're tryng to provide interesting UI
> > facilities.  But it provides privilege escalation if the ordinary window
> > happens to contain malware and teh root window is, for example, a shell
> > that can do *anything*.
> >
> > Whether this is still possible in X I don't know.  But I'd be pleasantly
> > surprised it if weren't.
> >
> > -- hendrik
> >
> > >
> > > It has been stated on a few wikis that the fallback option for GNOME3 is
> > > only a temporary measure; they intend to have the system make the
> > decision
> > > for you. Again, have a look at xfce, you may like what you see.
> > >
> > > Aaron
> > >
> > > On Fri, Apr 29, 2011 at 11:27 PM, Leslie S Satenstein <
> > lsatenstein at yahoo.com
> > > > wrote:
> > >
> > > > Just for the record. When I enable the Root Access, I make certain to
> > not
> > > > use either any browser or email program.
> > > >
> > > > One thing that I find difficult to understand is this.  I do a sudo
> > command
> > > > and what it gives me is command line access.  One slip of a rm rf
> > command
> > > > and that file is doomed.
> > > > With GUI, I have a choice to delete or more to trash.  In GUI, and in
> > Root,
> > > > I empty trash before exiting.
> > > >
> > > > So far, I can truthfully say that using Root GUI for many root
> > activities
> > > > is safer than using sudo commands.
> > > >
> > > > In closing, just as the danger exists in using sudo to do root
> > commands,
> > > > there is a (smaller) danger in doing maintenance from the GUI
> > interface.
> > > >
> > > > Renames, moving files from directory to directory, sorting a directory
> > by
> > > > date and handling older files, or sorting by type and handling those
> > files
> > > > is soo much easier in GUI mode.
> > > > Time is money and GUI access takes less human time.
> > > >
> > > > *------------------
> > > > *
> > > >
> > > > Regards
> > > >  *
> > > >  Leslie
> > > > *
> > > > *Mr. Leslie Satenstein
> > > > *40 years in IT and going strong.
> > > > Yesterday was a good day, today is a better day,
> > > > and tomorrow will be even better.
> > > >
> > > > mailto:lsatenstein at yahoo.com <lsatenstein at yahoo.com>
> > > > alternative: leslie.satenstein at itbms.biz
> > > > www.itbms.biz
> > > >
> >
> > > _______________________________________________
> > > mlug mailing list
> > > mlug at listserv.mlug.ca
> > >
> > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
> >
> > _______________________________________________
> > mlug mailing list
> > mlug at listserv.mlug.ca
> > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
> >

> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

More information about the mlug mailing list