[ale] Linux Distributions

Michael B. Trausch fd0man at gmail.com
Tue May 17 21:17:22 EDT 2005


Jim Popovitch wrote:
> 
>>[snip]  Let's say that you're browsing the 
>>Web, as root, and your "trusted" Web browser has bugs in it.  Let's say 
>>that some malicious person manipulates those bugs to wipe out your files 
>>- result as a regular user: nothing too bad.  Results as root: oh-oh.
> 
> 
> If everything on the PC is specific to that one user (root or
> otherwise), then there is no worse harm running the buggy app as root or
> user xyz.  In fact a good argument can be made that you are introducing
> a false sense of security by what you say above.  Do you REALLY know
> what that buggy app just did?
> 
> -Jim P.
> 

If you have to enter passwords as a regular user to go ahead and try to
do things, then you have an additional layer between you and the actual
execution of "rm -Rf /" as root, and unless you have a keylogger
monitoring all of the terminals (which requires root privilege) it's
kind of hard to install a system-wide key logger that would start up
before you login to your user account and get your sytsem password.  If
it's started up in your shell at login, then it will be an unaccounted
for process in the process list and be caught at some point; for some
sooner rather then later.

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature




More information about the Ale mailing list