(way off topic...)

> It's quite a security shame that Ubuntu ships without fully working "running as different user" mechanisms for so long.

I wouldn't give un-trusted programs access to my X display. X isn't secure like that! When I run p2p filesharing programs (complex and crash-prone programs written in C, specifically designed to connect to many untrusted peers... What could possibly be wrong with that?) I run them as a different user (that doesn't have sudo privs, among other things), displaying on an Xvnc.

I even have a startxvnc.sh script that starts xvnc, starts fluxbox on it, starts mrxvt, and injects commands into the mrxvt (via its --useFifo option), so it's like I interactively started things from the shell in the mrxvt. Or, most usefully, from an interactive gdb in the shell in the mrxvt, so I can thread apply all bt full when the program eventually crashes.

I've thought about using AppArmor to restrict p2p programs, but they're written to be able to upgrade themselves, so they need write access to their own binaries, and of course access to an X display.

(Using Xvnc makes it detachable/re-attachable after restarting my desktop, like screen(1) is for programs in a terminal window.)

--
wrong ownership of .Xauthority and /tmp/libgksu-xxx
https://bugs.launchpad.net/bugs/275304
