Re: How to use gksu to safely run a non-open-source application?

Thanks for your comments!

dsr tao merseine nu wrote:

My solution is to create a "non-secure" user called realplay, in a group called realplay. This user is treated as hostile, and is not given access to any files of any other user.

That's not how UNIX permissions work... realplay may read, write
and execute any files it can see which allow this. For example,
a file in /home/jack with permissions rw-r--r-- can be read,
though not written to, by realplay.

My scheme depends on users using permissions rw-r----- as default. After all, a user who is reasonably paranoid, will not allow "other" users to read her files. But if rw-r----- permissions are used as the default for human users, will this cause problems in other areas?

You can limit the files that a user can see by placing it in a
chroot'd environment.

<>Rather than using an su -alike, you may want to use a sudo-alike. Permissions can be much finer-grained, controlled by

Thanks for the comments. I've tried using su (rather than gksu) and there seems to be a problem - I think X can't display on my desktop when running as the new user. I suspect that this would be a problem with sudo, unless that is a GTK+ version of sudo (call it gksudo???).

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]