Where's Konqueror in SU

John Summerfield debian at herakles.homelinux.org
Mon Nov 2 15:50:07 UTC 2009

Karel Voln wrote:

> $ konqueror localhost:631
> <supply root password to konqueror when asked for>
> ?
> in the first case, if the attacker gets in control of Konqueror, 
> he can do rm -rf / directly; in the latter, he can capture root 
> password ... which may (or may not) be more valuable

I don't think much of your example, but in practice if some cracker 
tries to "rm -rf /" there's not a lot to choose, on my systems, between 
doing it as root and doing it is me. My valuables are  mostly in ~ and 
the operating system is way easier to replace than the stuff in ~.

More likely, Ungodly will be looking for my banking details, and i I 
allow a browser to store unencrypted account details, being root doesn't 
make my situation worsse

However, I think the biggest hazards is through trojans, and if I can 
persuade you that you really should give my custom version of Firefox a 
burl, I've got you. along with Firefox I could install keyloggers to 
record what you type, I I can correlate what you type with where you go,,,,



-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice

You cannot reply off-list:-)

More information about the fedora-test-list mailing list