Comment 14P Re: Working as intended


Lack of GUI Isolation as Linux security flaw


Working as intended (Score: 3, Insightful)

by on 2014-04-18 21:56 (#14E)

She's describing expected behavior. I don't see anything resembling "an inherent security flaw" in either X or Windows. If you don't trust the programs running in your user environment, you surely shouldn't expect additional security in an elevated privilege window inside that environment.

Also, the part about Windows doing anything different is complete BS. The article "Running Vista Every Day!" shows her clear lack of understanding on what UAC is doing.

Re: Working as intended (Score: 5, Interesting)

by on 2014-04-19 16:40 (#14N)

Eh, I disagree. It is expected behavior, and it is indeed well known. Nonetheless, it is wrong. An application with user privilege should never have such complete control of an application running with root privileges in a sane, secure environment. Allowing that is asking for privilege escalation. The fact that input information is made so readily available to otherwise unrelated programs just makes it worse.

Back in ~2009 there was a bit of a stir involving the sheer ease of getting the window managers KDE and GNOME to run unintended programs using .desktop files . As far as I can tell, it still works. This is a real problem, with potentially nasty consequences.

Re: Working as intended (Score: 2, Insightful)

by on 2014-04-19 16:47 (#14P)

Hrm. While what I wrote makes sense, I should have added that ultimately it is highly difficult and truly unreasonable to retain control of every single piece of code that runs on your machine. All that needs to happen in this case is for some code somewhere to write a single line into an easily writable file in someone's home directory to start logging. That is a flaw, we can do better than that.


Time Reason Points Voter
2014-04-21 12:28 Insightful +1

Junk Status

Not marked as junk