[IAEP] A security vs. functionality question
luke at faraone.cc
Thu Aug 6 14:59:05 EDT 2009
On Thu, Aug 6, 2009 at 14:28, Benjamin M. Schwartz <bmschwar at fas.harvard.edu> wrote:
> Is sharing an activity a sufficient indication of intent from the user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server? To activate a remote VNC client in Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png . Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared. An Activity can easily be stopped by a single click
> at any time.
A malicious attacker can type at speeds which would allow malicious commands
to be injected without the user noticing until it is "too late".
Also, there is no method for "limited sharing".