Ed Greshko wrote:
> On 04/16/2010 12:41 AM, Tom Horsley wrote:
>> On Thu, 15 Apr 2010 23:42:46 +0800
>> Ed Greshko wrote:
>>
>>> At some point, they'd logout and later, next
>>> day...after lunch, login as themselves and now have all sorts of
>>> troubles they didn't have before.
>>>
>> "It is possible for idiots to screw up", is not the same as
>> an actual case history of some exploit hitting someone
>> only because they were running a GUI app as root. I'm still
>> waiting for the pointer to those case histories :-).
>>
> Well, the point being that in this case some directories were set to
> 777. This allowed others to, for example, read other people's mail,
> gain access to other people's personal files, photos, etc. Yes, it is a
> "local exploit". But, if some guy had emails about his colleagues he
> didn't want to get out...or his cache file was filled with trails of
> visiting porn sites...or...
>
> I suppose you'd find that OK...and just chalk it up to "idiots". But
> that is one of the reasons for making it hard for folks to login as root
> from the GUI. To protect them from themselves.
>

This doesn't sound like something easy to do by accident from a GUI, or
at any rate not more easily than CLI. The root cause is that this user
had root at all. :-(

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines