How to use rpm to install adobe-flash?
suvayu ali
fatkasuvayu+linux at gmail.com
Wed Apr 13 17:34:15 UTC 2011
Hi Joel,
On Wed, Apr 13, 2011 at 5:56 AM, Joel Rees <joel.rees at gmail.com> wrote:
> And we always su (if we do use su to do administrative tasks) from
> users that we never surf the web from, right? You understand why?
>
I presume you are alluding to the possibility of the system being
affected by keyloggers (as you mention later in your post)?
> Does that explain why I'm saying you don't want Flash loading every
> time you run your web browser as any user?
>
How does this change when flash is installed as the regular user?
Irrespective of how flash was installed, whatever vulnerabilities it
introduces will be limited to the account that is using it. Isn't that
correct?
>> vulnerabilities in the
>> plugin can _only_ affect the regular user.
>
> There are many paths to exploits besides things directly running in
> the instance of the web server (with plugins) which you are currently
> running. Tricks like leaving keyloggers and trojans behind, in places
> where they get executed the next time you log in instead of now.
>
> So a Flash exploit lets the bad guys leave a keylogger in your surfing
> account. That's not good (and in some senses it's a ticking time
> bomb), but at least it isn't as bad as it could be.
How does (not-)installing flash as root affect any of the above? What
you are talking about above is something everyone should be mindful of
when surfing the Internet irrespective of whether they are using flash.
I still fail to see how installing flash as the regular user is saving
the user from any vulnerabilities which he/she would be otherwise prone to.
--
Suvayu
Open source is the future. It sets us free.
More information about the users
mailing list