On Tuesday, November 30, 2010 02:35 AM, Les Mikesell wrote:
> On 11/29/2010 10:40 AM, Lamar Owen wrote:
>> On Sunday, November 28, 2010 05:40:41 pm brett mm wrote:
>>> In reality, I am not at all sure that a quantum leap in complexity adds to security at all. Any proper use of old-school group permissions can give as finely-grained a security policy as you would like.
>> No, it won't.
>> Suppose I'm running CentOS on a workstation, and have a need to access a corporate webapp written in Flash, read corporate documents in PDF, and use other applications written in Java. So I'm going to be living in my browser for most things corporate.
>> How can I prevent a compromised PDF from gaining an attacker access to my entire home directory? More to the point, how do I prevent that PDF from gaining WRITE access to files in my home directory (say, .bashrc for instance)?
> If you don't trust your software, run it under a uid that doesn't have write access to anything important - or in a VM or a different machine for that matter. X has no problem displaying programs running with different uids or locations.
Hurrah! That's it! Just move the problem elsewhere. Oh, you snipped out a bit too much. Write access is not just the problem. Being able to upload and execute is also a problem. Can you say 'bot'?
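The separate-uid approach only holds up if nothing under the real user's home directory is writable by that second uid. The script below is an added example (not code from this thread, and not a CentOS tool): it audits a home directory for paths whose mode bits grant write access to "other", or to a group the viewer uid belongs to, and offers a fix that strips those bits. The viewer uid name `pdfview`, the constructed demo home and its deliberately world-writable `Downloads` directory are all assumptions made for illustration.

```python
"""Audit a home directory for paths a dedicated, unprivileged viewer uid
could still write to, then harden them.  Added example for the
separate-uid discussion above; all names and paths are constructed."""
import os
import stat
import tempfile

# Hypothetical name of the dedicated uid that runs the PDF viewer.
# It must not be a member of the real user's primary group.
VIEWER_USER = "pdfview"


def _is_writable_by_viewer(st, viewer_gid):
    """True if the mode grants write to 'other', or to the viewer's group."""
    mode = st.st_mode
    if mode & stat.S_IWOTH:
        return True
    if viewer_gid is not None and st.st_gid == viewer_gid:
        return bool(mode & stat.S_IWGRP)
    return False


def _walk_paths(home):
    """Yield (path, lstat) for home itself and everything below it,
    skipping symlinks so a link out of $HOME is never followed."""
    st = os.lstat(home)
    if not stat.S_ISLNK(st.st_mode):
        yield home, st
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            p = os.path.join(root, name)
            st = os.lstat(p)
            if not stat.S_ISLNK(st.st_mode):
                yield p, st


def audit_home(home, viewer_gid=None):
    """Return sorted relative paths under `home` that the viewer uid could
    write to.  '.' denotes the home directory itself."""
    findings = []
    for p, st in _walk_paths(home):
        if _is_writable_by_viewer(st, viewer_gid):
            findings.append(os.path.relpath(p, home))
    return sorted(findings)


def harden_home(home, viewer_gid=None):
    """Strip the offending write bits from every finding; return what was fixed."""
    fixed = []
    for p, st in _walk_paths(home):
        if not _is_writable_by_viewer(st, viewer_gid):
            continue
        new_mode = stat.S_IMODE(st.st_mode) & ~stat.S_IWOTH
        if viewer_gid is not None and st.st_gid == viewer_gid:
            new_mode &= ~stat.S_IWGRP
        os.chmod(p, new_mode)
        fixed.append(os.path.relpath(p, home))
    return sorted(fixed)


def build_demo_home():
    """Construct a throwaway home directory with one deliberate weak spot:
    a world-writable Downloads directory (a common 'drop folder' mistake)."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    os.chmod(home, 0o700)
    bashrc = os.path.join(home, ".bashrc")
    with open(bashrc, "w") as fh:
        fh.write("# constructed .bashrc for the demo\n")
    os.chmod(bashrc, 0o644)          # readable, but not writable by others
    downloads = os.path.join(home, "Downloads")
    os.mkdir(downloads)
    os.chmod(downloads, 0o777)       # the weak spot: anyone can write here
    return home


if __name__ == "__main__":
    demo = build_demo_home()
    print("before:", audit_home(demo))   # ['Downloads']
    print("fixed :", harden_home(demo))  # ['Downloads']
    print("after :", audit_home(demo))   # []
```

Run it against a real account with `audit_home(os.path.expanduser("~"))`, passing the viewer uid's gid if that account shares any group with you. Granting the viewer uid access to your X display is a separate step; `xhost +si:localuser:pdfview` is the server-side access-control syntax for a single local user, which is narrower than the blanket `xhost +` people often reach for.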