Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] memory management

On Sun, Jun 21, 2015 at 05:57:06PM +0200, Bill Bogstad wrote:
> > xhost +SI:localuser:myffuser
> > sudo -u ffuser /usr/bin/firefox
> > xhost -SI:localuser:myffuser
> >
> > It's not an issue on a single user box; it's the same user (human) with a
> > different UID.
> >
> This is where I disagree.   If it doesn't increase security over using the
> same UID, why bother.  

It does though... it enables you to access the user's display without
allowiong you to access their files (at least directly; it's possible
there's some exploit but I'm not aware of one).

> Second, if that user id has the privileges to pop up windows on the same X
> server as my "real" user id; I might get spoofed, have my screen or even
> possibly my keystrokes captured.   

The method I just posted will prevent that too.  But it's
extraordinarily unlikely that anything you're doing with your browser
is going to result in such an attack.

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /