Re: How to use rpm to install adobe-flash?

(I was hoping someone else would take the time to explain this.)

On Mon, Apr 11, 2011 at 12:42 PM, suvayu ali
<fatkasuvayu+linux@xxxxxxxxx> wrote:
> On Sun, Apr 10, 2011 at 7:04 PM, Joel Rees <joel.rees@xxxxxxxxx> wrote:
>> This is not to be mean to the other users. It's to protect the other
>> users from the vulnerabilities in flash. If flash is installed
>> globally (the usual thing that happens when you use the rpm package),
>> all users become vulnerable. Including that administrator account that
>> you never use to get on the web, except to fedoraproject.org and other
>> places where you need to read the manuals, etc.
>
> I don't think this is correct. Permissions for plugins are not setuid.

setuid is not really relevant to this particular question.

> So as long as the call to load the library is done as a regular user
> (as in, you don't surf the Internet as root),

Sure, you don't surf the web as root. I don't surf the web as root.
Nor do we surf the web as a user capable of raising privilege
temporarily via sudo.

And we always su (if we do use su to do administrative tasks) from
users that we never surf the web from, right? You understand why?

And we have a dedicated user for downloading live CD and install CD
images, Oracle's Java (if we need that) and (ahem) Adobe's Flash,
getting on-line to paypal or your bank, etc.

Right?

Does that explain why I'm saying you don't want Flash loading every
time you run your web browser as any user?

> vulnerabilities in the
> plugin can _only_ affect the regular user.

There are many paths to exploits besides things directly running in
the instance of the web server (with plugins) which you are currently
running. Tricks like leaving keyloggers and trojans behind, in places
where they get executed the next time you log in instead of now.

So a Flash exploit lets the bad guys leave a keylogger in your surfing
account. That's not good (and in some senses it's a ticking time
bomb), but at least it isn't as bad as it could be.

Joel Rees
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
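
The message above points out that an exploit can leave something behind "in places where they get executed the next time you log in". The following is an added example, not part of the original message: a shell function that lists a user's login-time start-up files changed after a reference file. The hook list, the function name and the reference-file approach are assumptions made for illustration, and the list is not exhaustive.

```shell
#!/bin/sh
# Added example: report per-user start-up hooks modified after a reference
# point, e.g. a marker file touched before a browsing session.
# Assumption: the lists below cover common shell and X/desktop start-up hooks
# on a Linux desktop; extend them for the shells and desktops in use.

LOGIN_HOOKS=".profile .bash_profile .bash_login .bashrc .xinitrc .xsession .xprofile"
AUTOSTART_DIRS=".config/autostart .kde/Autostart"

# login_hooks_changed_since HOME_DIR REFERENCE_FILE
# Prints the full path of every start-up hook under HOME_DIR whose
# modification time is newer than REFERENCE_FILE, one per line, sorted.
# Returns 2 if HOME_DIR is not a directory or REFERENCE_FILE does not exist.
login_hooks_changed_since() {
    home_dir=$1
    ref=$2
    if [ ! -d "$home_dir" ] || [ ! -e "$ref" ]; then
        echo "usage: login_hooks_changed_since HOME_DIR REFERENCE_FILE" >&2
        return 2
    fi
    {
        # Individual files read by the login shell or the X session.
        for f in $LOGIN_HOOKS; do
            if [ -f "$home_dir/$f" ]; then
                find "$home_dir/$f" -newer "$ref" -print
            fi
        done
        # Directories whose entries are launched when the desktop starts.
        for d in $AUTOSTART_DIRS; do
            if [ -d "$home_dir/$d" ]; then
                find "$home_dir/$d" -type f -newer "$ref" -print
            fi
        done
    } | sort
}
```

Touch the reference file before using the surfing account, then run the function against that account's home directory from a different account. Modification times can be reset by whoever wrote the file, so an empty result is not proof that nothing changed.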
