>Your proposal is OK if accessing sensitive information is something you only do occasionally, but it's not very practical to switch users completely if you deal with sensitive information often, which many people do.

    $ sudo -u banking gnucash &
    $ firefox &
Done. My banking files and my Firefox session are now separated.


Interestingly, you may have just fucked yourself, because the sudo session is maintained whilst launching Firefox.

If we create a script 1:

    #!/bin/sh
    echo "I'm doing something secure"

And then script 2:

    #!/bin/sh
    echo "I'm doing something insecure"
    # No password prompt: sudo reuses the credential cached by the earlier sudo call
    sudo echo "I'm doing something malicious"

Then run:

    $ sudo ./script1.sh; ./script2.sh
Looks like Firefox has access to your banking user :)


Not if sudo is set to only allow gnucash! :-)
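The two points above (the cached credential in the `sudo ./script1.sh; ./script2.sh` case, and restricting sudo to gnucash) can both be addressed in sudoers. This is an added example, not from the thread; it assumes the everyday login is `alice`, the isolated account is `banking`, and gnucash is installed at `/usr/bin/gnucash`.

```sudoers
# /etc/sudoers.d/banking  (added example; assumed names: alice, banking, /usr/bin/gnucash)

# Weak: a blanket rule like this, combined with sudo's default credential cache
# (several minutes), is what lets a later "sudo echo ..." from the same terminal
# run as root without a prompt.
# alice  ALL=(ALL:ALL) ALL

# Hardened, part 1: alice may switch to "banking" only to run this one binary.
# "sudo -u banking gnucash" matches; "sudo echo ..." or "sudo -u banking sh" does not.
# (Without a trailing "" any arguments are allowed; append "" to forbid arguments.)
alice  ALL=(banking) /usr/bin/gnucash

# Hardened, part 2: do not cache alice's authentication at all, so every sudo
# invocation re-prompts and a follow-up script cannot ride on the earlier one.
Defaults:alice  timestamp_timeout=0
```

Validate before installing with `visudo -cf /etc/sudoers.d/banking`; a syntax error in a drop-in can lock everyone out of sudo.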


And for the 99.7% of users in the real world who drive their computers using a GUI and not a command line? Or those who do use a command line but aren't sufficiently competent with system administration to reliably get sudo-based access control right every time?

