Hi Joel, On Wed, Apr 13, 2011 at 5:56 AM, Joel Rees <joel.rees@xxxxxxxxx> wrote: > And we always su (if we do use su to do administrative tasks) from > users that we never surf the web from, right? You understand why? > I presume you are alluding to the possibility of the system being affected by keyloggers (as you mention later in your post)? > Does that explain why I'm saying you don't want Flash loading every > time you run your web browser as any user? > How does this change when flash is installed as the regular user? Irrespective of how flash was installed, whatever vulnerabilities it introduces will be limited to the account that is using it. Isn't that correct? >> vulnerabilities in the >> plugin can _only_ affect the regular user. > > There are many paths to exploits besides things directly running in > the instance of the web server (with plugins) which you are currently > running. Tricks like leaving keyloggers and trojans behind, in places > where they get executed the next time you log in instead of now. > > So a Flash exploit lets the bad guys leave a keylogger in your surfing > account. That's not good (and in some senses it's a ticking time > bomb), but at least it isn't as bad as it could be. How does (not-)installing flash as root affect any of the above? What you are talking about above is something everyone should be mindful of when surfing the Internet irrespective of whether they are using flash. I still fail to see how installing flash as the regular user is saving the user from any vulnerabilities which he/she would be otherwise prone to. -- Suvayu Open source is the future. It sets us free. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
