Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] memory management



On Sun, Jun 21, 2015 at 05:57:06PM +0200, Bill Bogstad wrote:
> > xhost +SI:localuser:myffuser
> > sudo -u ffuser /usr/bin/firefox
> > xhost -SI:localuser:myffuser
> >
> > It's not an issue on a single user box; it's the same user (human) with a
> > different UID.
> >
> 
> This is where I disagree.   If it doesn't increase security over using the
> same UID, why bother.  

It does though... it enables you to access the user's display without
allowing you to access their files (at least directly; it's possible
there's some exploit but I'm not aware of one).

> Second, if that user id has the privileges to pop up windows on the same X
> server as my "real" user id; I might get spoofed, have my screen or even
> possibly my keystrokes captured.   

The method I just posted will prevent that too.  But it's
extraordinarily unlikely that anything you're doing with your browser
is going to result in such an attack.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org