Timeline for Is running programs as another user useful?
Current License: CC BY-SA 3.0
15 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Dec 15, 2013 at 18:57 | comment added | peterph | | @IliaRostovtsev sorry, I don't really understand the first part. For the second: you want to isolate the application in question as much as possible. Options ordered from best to worst separation: stand-alone hw, VM, OS-level virtualization (LXC et al.), tighter/more precise privilege control (GRSecurity, SELinux, AppArmor et al.). However separation is not a substitute for updating/patching holes. It helps to prevent exploitation of publicly unknown ones. |
| Dec 15, 2013 at 17:45 | comment added | Ilia Ross | | @peterph Later, yes but unpatched holes? How about updating everyday? What you're saying is just remotely supposable and less likely doable, right? How would you combine everyday life and security measures that would prevent you from a possible attack? SELinux? |
| Dec 15, 2013 at 17:38 | comment added | peterph | | @IliaRostovtsev "local exploit" doesn't mean just reading /etc/shadow. It can actively try to gain elevated privileges through unpatched holes - and then it mostly doesn't matter what UID it starts with. |
| Dec 15, 2013 at 16:22 | comment added | Ilia Ross | | @peterph Let's say the program is malicious, ok! What can it possibly do to your system? Read your /etc/shadow file (in case it's not chmod 0000), so what? It will not be able to run anything or do anything to affect your personal directory - thus your files? Am I right? Please, convince me wrong with a possible example?! |
| Dec 15, 2013 at 16:02 | comment added | peterph | | @IliaRostovtsev I think I explained it clearly enough - it doesn't protect you from local vulnerabilities. If you expect the application to be malevolent, then the first question really is whether you need it that much. If you do, my preference would be running it in a virtual machine or constrained by for example GRSecurity, SELinux or AppArmor. |
| Dec 12, 2013 at 7:09 | comment added | Ilia Ross | | @peterph, Peter, not sure why you mentioned that running a program as another user doesn't help. If you use it then the running program is not able to read your data at all? (with chmod 700). It even can't access hardware in a standard way! Please take a look at my question: unix.stackexchange.com/questions/103999/… |
| Mar 3, 2013 at 16:13 | comment added | peterph | | Single X server setup is tricky, since once a client can connect to it, it may possibly steal data from other applications (unless they have input grab, which is generally very inconvenient). |
| Mar 3, 2013 at 0:00 | comment added | xavierm02 | | And I already have everything but my boot partition encrypted :) |
| Mar 2, 2013 at 23:59 | comment added | xavierm02 | | What about SELinux (with multiple users or with a single one and with multiple X servers or with a single one)? Would you think of it as a decent alternative? |
| Mar 2, 2013 at 20:45 | comment added | peterph | | As for the email, if you think an open-source solution gives you enough security (it is usually considered to be the case), the two things you really want to do are 1) making sure the emails are stored in files accessible only by you, and 2) encrypting at least the filesystem containing them and swap. |
| Mar 2, 2013 at 20:39 | comment added | peterph | | OK, that's fair enough. Nevertheless, using a different user to run a program under the same X server is (from a security point of view) just half-cooked. Running the programs under separate X servers might help a bit and you can also try to use LXC to separate the processes even more. Full virtualisation is of course the best solution (apart from two physical computers) and there are even some attempts at virtualised accelerated graphics cards (the performance wouldn't be what you'd probably need for HoN, but it's under development). |
| Mar 2, 2013 at 11:39 | comment added | xavierm02 | | And I assume my OS etc. is safe too because I'm far from having the competence to understand how it works. But since it's open source, I'm fine. On the contrary, all the programs I named are closed-source. |
| Mar 2, 2013 at 11:37 | comment added | xavierm02 | | And no, the per-program users would have fewer rights. HoN would have only internet and its files, chrome only internet and printer etc. |
| Mar 2, 2013 at 11:34 | comment added | xavierm02 | | The thing is, I can't control how well my emails are protected and I'm sure they do it better than I would if I were to set up my own email server. So I just assume they do it safely enough since I have no alternative. But I can affect what's running on my computer and I'd like to make sure it's not the weakest part or that, if it is, it isn't too weak. |
| Mar 1, 2013 at 21:22 | answered | peterph | CC BY-SA 3.0 | |