[ale] Linux Distributions

Jim Popovitch jimpop at yahoo.com
Tue May 17 15:45:02 EDT 2005


On Tue, 2005-05-17 at 15:17 -0400, George Carless wrote:

> > If everything on the PC is specific to that one user (root or
> > otherwise), then there is no worse harm running the buggy app as root or
> > user xyz.  In fact a good argument can be made that you are introducing
> > a false sense of security by what you say above.  Do you REALLY know
> > what that buggy app just did?
> 
> Eh?

If you run your browser as user bob, how do you really know that
java/javascript/flash/realplayer/etc. didn't just do a malicious thing
that did in fact gain root privileges via any local root exploit (like
the ones just announced in kernel 2.6.11)?

-Jim P.



More information about the Ale mailing list