Wednesday, March 04, 2020

Re: Hardening browser

On 03-04 12:03, Luke A. Call wrote:
> Partly as a possible approach, and partly for feedback/suggestions on
> it:
[....]
> multiple user logins and their corresponding X sessions running
> at the same time, among which I would switch with Ctrl-Alt-F* keys,
> hoping that if one account (where I did most of the general browsing,
> etc) was compromised, it would not compromise the other accounts, where
> I restricted the activities to more trusted binaries or sites. Then,
> text file sitting in /home where different accounts could read/write info.
>
> Now, on obsd, I do that sort of thing, but with ssh -X across users
> in a single X session and a bit of scripted xclip usage where I can,
> and a systemwide default of umask 0077, and limit my root access to
> run only from a console -- which you can consider.

(PS: In doing this multi-account stuff in a single X session, I am
careful not to put sensitive info on the clipboard, as then any other
account could read it. Same for anything typed while any app
requiring "ssh -Y..." is running.)
