On Thu, Dec 29, 2011 at 12:47 PM, Craig White <craigwhite@xxxxxxxxxxx> wrote: > On Thu, 2011-12-29 at 11:56 +0900, Joel Rees wrote: > >> >> Logged in as a different user, XFCE is running on that user. One >> >> difference is that I have flash installed locally in the user that has >> >> the problems. (It's about time to see if Adobe has a more recent >> >> update, I guess.) >> > >> > I'd advise using the adobe yum repo for that reason. You can get >> > updates much easier. >> >> Can you set that up to only load libflashplayer.so to the user's local >> .mozilla/plugins to limit the damage every time another exploit is found? >> I prefer to keep it out of the accounts I do real work on, just load it in my >> kids' account for playing and an account I use for accessing sites that >> insist on using flash. >> >> Don't like having their setup stuff loaded globally, but I decided it >> was not the same level risk. > ---- > you can 'disable' any plugins at the 'profile' level thus achieving the > same thing. In other words, the plugin is installed and available to all > users but some users can simply disable the plugin. Well, yes and no. Locally installed code tends to be more limited in the damage it can do. Specifically, if a bad-guy website succeeds somehow in modifying the global library, everyone is hurt. But if there's no global library, well, there's no global library for the intruder to modify (if she gets that far). Sure, you don't want to forget and leave it writeable by the user, and you may want to change the owner to a non-existent user. Ultimately, it's a low wall and not very wide, but we need every low wall we can get for something like Flash. -- Joel Rees -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
