[KDE Dot News]


su nobody
by not me on Tuesday 10/Jul/2001, @02:26
To get rid of the security problems, why couldn't all ActiveX controls be run as a harmless user (such as the user nobody on most systems, who has no access to files)? It would seem pretty easy to implement. Does Shockwave really need disk access to function? Even if it does, it could be totally restricted to a single directory. You could even chroot it. Linux's security system is meant to prevent security fiascoes like ActiveX - we should use it!

P.S. I hate to be a wet blanket, but this is just one less reason for companies to make Linux native versions of their plugins. Oh well, if it helps Linux become more popular, I guess it'll be beneficial. If Linux becomes dominant, more plugins will become native anyway :-)
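
The sequence proposed in this post (chroot into one directory, then switch to the user nobody), written out in C as an added example; it is not part of the original thread and not reaktivate's code. The function names and the jail path `/var/empty` are assumptions, and the jail would have to be populated beforehand with any files the confined code needs.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the calling process to jail_dir, then switch to an unprivileged
 * account. Returns 0 on success, -1 on failure; on -1 the caller must exit
 * rather than load untrusted code, because some steps may already be applied. */
int confine(const char *jail_dir, const char *user)
{
    if (geteuid() != 0) { errno = EPERM; return -1; }    /* chroot(2) needs root */
    struct passwd *pw = getpwnam(user);  /* resolve first: no /etc/passwd in the jail */
    if (pw == NULL || pw->pw_uid == 0) return -1;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    if (chroot(jail_dir) != 0 || chdir("/") != 0) return -1; /* chdir closes the cwd escape */
    if (setgroups(0, NULL) != 0) return -1;              /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1; /* group first, then user */
    if (setuid(0) == 0) return -1;                       /* root must be unrecoverable */
    return 0;
}

/* Run confine() in a forked child so the caller keeps its own state.
 * Returns 1 if the child ended up confined and non-root, 0 if confine()
 * refused (fail closed), -1 if fork/wait failed or the child kept root. */
int try_confined_child(const char *jail_dir, const char *user)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (confine(jail_dir, user) != 0) _exit(10);
        /* Untrusted code would be loaded here, never before this point. */
        _exit((getuid() != 0 && geteuid() != 0) ? 11 : 12);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 11) return 1;
    return WEXITSTATUS(status) == 10 ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* "/var/empty" is an assumed default jail path for this example. */
    int r = try_confined_child(argc > 1 ? argv[1] : "/var/empty", "nobody");
    printf("%s\n", r == 1 ? "confined" : r == 0 ? "refused" : "error");
    return r < 0;
}
```

The order matters: the account lookup and chroot need root, so they come before the uid change, and the final `setuid(0)` probe confirms the drop cannot be undone.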
The Fine Print: The following comments are owned by whomever posted them.
Re: su nobody
by KDE User on Tuesday 10/Jul/2001, @04:28
Brilliant idea! Make your reaktivate binary setuid nobody and chrooted /dev/null!
Re: su nobody
by cylab on Tuesday 10/Jul/2001, @06:46
why not start reaktivate in a dedicated wine-system as a sandbox. best would be a template, from which the actual wine-system will be copied for every activex control. this way the control could do whatever it wants with this system... just kill the wine instance and you have a clean system again... am i wrong?
Re: su nobody
by Malte on Tuesday 10/Jul/2001, @11:26
I'm not too sure if su nobody is easily possible given that usually nobody has no write access at all (apart from /tmp maybe). We need to install some files that we download and need to change WINE's registry. Running the whole thing chrooted is planned, though. However, it requires quite a few design changes. Stay tuned.
Re: su nobody
by Roger Oberholtzer on Sunday 15/Jul/2001, @16:01
I agree that it would be better if 'native' binaries were made. But, think of the justice in running DLLs intended for a different platform, but more securely. Would people consider running Linux so they could run MS DLLs with greater peace of mind?
Re: su nobody
by chris c on Sunday 19/Jan/2003, @22:37
You might want to check Fred McLain's webpage on the continuing security hole that is ActiveX. He has gotten to mimic a signed security certificate..... there are a lot of horrible things that can be done with that black magic....
KDE®, "K Desktop Environment", "KDE Dot News", "got the dot?" and the KDE Logo® are trademarks or registered trademarks of KDE e.V. in the European Union, the United States and other countries. All other trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster. The rest: Copyright © 2000-2008 KDE e.V. for The KDE Project. For further information or comments on this site, please contact the Webmaster.