Where's Konqueror in SU

John Summerfield debian at herakles.homelinux.org
Mon Nov 2 15:50:07 UTC 2009


Karel Voln wrote:

> 
> $ konqueror localhost:631
> <supply root password to konqueror when asked for>
> 
> ?
> 
> in the first case, if the attacker gets in control of Konqueror, 
> he can do rm -rf / directly; in the latter, he can capture root 
> password ... which may (or may not) be more valuable

I don't think much of your example, but in practice if some cracker 
tries to "rm -rf /" there's not a lot to choose, on my systems, between 
doing it as root and doing it as me. My valuables are mostly in ~ and 
the operating system is way easier to replace than the stuff in ~.

More likely, Ungodly will be looking for my banking details, and if I 
allow a browser to store unencrypted account details, being root doesn't 
make my situation worse.

However, I think the biggest hazard is through trojans, and if I can 
persuade you that you really should give my custom version of Firefox a 
burl, I've got you. Along with Firefox I could install keyloggers to 
record what you type, I can correlate what you type with where you go...






-- 

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)



