On Sun, Jun 21, 2015 at 05:57:06PM +0200, Bill Bogstad wrote: > > xhost +SI:localuser:myffuser > > sudo -u ffuser /usr/bin/firefox > > xhost -SI:localuser:myffuser > > > > It's not an issue on a single user box; it's the same user (human) with a > > different UID. > > > > This is where I disagree. If it doesn't increase security over using the > same UID, why bother.
It does though... it enables you to access the user's display without allowiong you to access their files (at least directly; it's possible there's some exploit but I'm not aware of one). > Second, if that user id has the privileges to pop up windows on the same X > server as my "real" user id; I might get spoofed, have my screen or even > possibly my keystrokes captured. The method I just posted will prevent that too. But it's extraordinarily unlikely that anything you're doing with your browser is going to result in such an attack. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
