On 11/29/2010 10:40 AM, Lamar Owen wrote: > On Sunday, November 28, 2010 05:40:41 pm brett mm wrote: >> In reality, I am not at all sure that a quantum leap in complexity >> adds to security at all. Any proper use of old-school group >> permissions can give as finely-grained a security policy as you would >> like. > > No, it won't. > > Suppose I'm running CentOS on a workstation, and have a need to access a corporate webapp written in Flash, read corporate documents in PDF, and use other applications written in Java. So I'm going to be living in my browser for most things corporate. > > How can I prevent a compromised PDF from gaining an attacker access to my entire home directory? More to the point, how to I prevent that PDF from gaining WRITE access to files in my home directory (say, .bashrc for instance)? If you don't trust your software, run it under a uid that doesn't have write access to anything important - or in a VM or a different machine for that matter. X has no problem displaying programs running with different uids or locations. -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos