See this http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
<http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html> On Sat, Apr 30, 2011 at 9:32 AM, Hendrik Boom <[email protected]>wrote: > On Sat, Apr 30, 2011 at 12:46:12AM -0400, aaron d wrote: > > You missed the point. He was saying you can use sudo to escalate the > > privileges of ONE graphical process, a significantly safer proposition > than > > logging into and entire GUI session as root, not to mention being less of > a > > waste of time. > > I was told, long ago, of the dangers of using even a root window in X. > I was told that the X protocol allows any process with a window on an X > server (your screen) to enter events (such as keypresses) into any other > window. This is useful when you're tryng to provide interesting UI > facilities. But it provides privilege escalation if the ordinary window > happens to contain malware and teh root window is, for example, a shell > that can do *anything*. > > Whether this is still possible in X I don't know. But I'd be pleasantly > surprised it if weren't. > > -- hendrik > > > > > It has been stated on a few wikis that the fallback option for GNOME3 is > > only a temporary measure; they intend to have the system make the > decision > > for you. Again, have a look at xfce, you may like what you see. > > > > Aaron > > > > On Fri, Apr 29, 2011 at 11:27 PM, Leslie S Satenstein < > [email protected] > > > wrote: > > > > > Just for the record. When I enable the Root Access, I make certain to > not > > > use either any browser or email program. > > > > > > One thing that I find difficult to understand is this. I do a sudo > command > > > and what it gives me is command line access. One slip of a rm rf > command > > > and that file is doomed. > > > With GUI, I have a choice to delete or more to trash. In GUI, and in > Root, > > > I empty trash before exiting. > > > > > > So far, I can truthfully say that using Root GUI for many root > activities > > > is safer than using sudo commands. > > > > > > In closing, just as the danger exists in using sudo to do root > commands, > > > there is a (smaller) danger in doing maintenance from the GUI > interface. > > > > > > Renames, moving files from directory to directory, sorting a directory > by > > > date and handling older files, or sorting by type and handling those > files > > > is soo much easier in GUI mode. > > > Time is money and GUI access takes less human time. > > > > > > *------------------ > > > * > > > > > > Regards > > > * > > > Leslie > > > * > > > *Mr. Leslie Satenstein > > > *40 years in IT and going strong. > > > Yesterday was a good day, today is a better day, > > > and tomorrow will be even better. > > > > > > mailto:[email protected] <[email protected]> > > > alternative: [email protected] > > > www.itbms.biz > > > > > > _______________________________________________ > > mlug mailing list > > [email protected] > > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca >
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
