Re: How to use gksu to safely run a non-open-source application?
- From: Jack Dodds <brmdamon aci on ca>
- To: gnome-list gnome org
- Subject: Re: How to use gksu to safely run a non-open-source application?
- Date: Sun, 19 Dec 2004 15:17:49 -0500
Thanks for your comments!
dsr tao merseine nu wrote:
My solution is to create a "non-secure" user called realplay, in a
group called realplay. This user is treated as hostile, and is not
given access to any files of any other user.
That's not how UNIX permissions work... realplay may read, write
and execute any files it can see which allow this. For example,
a file in /home/jack with permissions rw-r--r-- can be read,
though not written to, by realplay.
My scheme depends on users using permissions rw-r----- as default.
After all, a user who is reasonably paranoid, will not allow "other"
users to read her files. But if rw-r----- permissions are used as the
default for human users, will this cause problems in other areas?
You can limit the files that a user can see by placing it in a
chroot'd environment.
<>Rather than using an su -alike, you may want to use a sudo-alike.
Permissions can be much finer-grained, controlled by
/etc/sudoers.
Thanks for the comments. I've tried using su (rather than gksu) and
there seems to be a problem - I think X can't display on my desktop when
running as the new user. I suspect that this would be a problem with
sudo, unless that is a GTK+ version of sudo (call it gksudo???).
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]