Bugtraq mailing list archives
Re: XML in IE 5.0
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 18 Jan 2000 22:53:47 -0800
At 12:03 PM 1/17/00 -0800, Brian Behlendorf wrote:
> On Fri, 14 Jan 2000, Ryan Russell wrote:
>> For Windows users, The MS guys gave an interesting talk at the NTBugtraq Canada Day Party at Russ' house last year. NT2000 will include a feature that is similar to su on unix, which will allow one to have different windows open as different users on the same box... I believe it's an extension of the terminal server concept. Anyway, once folks get NT2000, they should really consider running their browsers as locked-down, non-privileged users.
>
> Except that browsers have exchanges with the outside world that carry personalization with it, so at some level the browser needs to be tied with an identity, and compromising that identity will always be a concern.

This would depend on your environment. At work, there are a lot of things that I access with a web browser that depend on my account credentials to access. In that environment, changing to a different user wouldn't help much. I could have an icon for the regular browser, and another that runs as me - that isn't too complicated. At home, I don't access anything based on my user credentials using a browser, so it would be easy for me to always run the browser under a highly restricted account.

> But that's another topic; just wanted to prove there's no easy solution, but it's good to see MS playing catchup with Unix on this, even if it has been 15-20 years.

There's yet another solution that might be able to give you the best of both worlds - there is such a thing as a restricted user token under Win2k - you copy your token, strip it of the rights and groups that you want to go away (this is permanent), then create a process using the stripped token. Now you're still running it as you, but you've shed any privileged groups, and shed any rights that you don't want your browser to have.

David LeBlanc
dleblanc () mindspring com
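
The restricted-token approach described in the message above, as an added PowerShell example that is not part of the original post or its author's code: it calls the documented Win32 functions CreateRestrictedToken and CreateProcessAsUser through P/Invoke. The `Demo.Native` wrapper class, the choice of BUILTIN\Administrators as the group to shed, and the `whoami` child command are assumptions made for illustration.

```powershell
# Added example (assumed names: Demo.Native, Test-Win32). Run on Windows.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)] public struct SID_AND_ATTRIBUTES { public IntPtr Sid; public uint Attributes; }
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct STARTUPINFO {
    public int cb; public string lpReserved, lpDesktop, lpTitle;
    public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
    public short wShowWindow, cbReserved2; public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError; }
[StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION {
    public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }
[DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool ConvertStringSidToSid(string stringSid, out IntPtr sid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CreateRestrictedToken(IntPtr token, uint flags,
    uint disableCount, SID_AND_ATTRIBUTES[] sidsToDisable, uint deleteCount, IntPtr privilegesToDelete,
    uint restrictCount, IntPtr sidsToRestrict, out IntPtr newToken);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcessAsUser(IntPtr token, IntPtr appName, System.Text.StringBuilder commandLine,
    IntPtr processAttrs, IntPtr threadAttrs, bool inheritHandles, uint creationFlags,
    IntPtr environment, IntPtr currentDir, ref STARTUPINFO startupInfo, out PROCESS_INFORMATION processInfo);
'@
function Test-Win32([bool]$ok, [string]$api) {
    if (-not $ok) { throw "$api failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
}
$TOKEN_ACCESS = 0x8B   # TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT
$DISABLE_MAX_PRIVILEGE = 0x1; $CREATE_NEW_CONSOLE = 0x10
$token = [IntPtr]::Zero; $restricted = [IntPtr]::Zero; $adminSid = [IntPtr]::Zero
# 1. Open our own primary token: this is the token being copied.
Test-Win32 ([Demo.Native]::OpenProcessToken([Demo.Native]::GetCurrentProcess(), $TOKEN_ACCESS, [ref]$token)) 'OpenProcessToken'
# 2. Group to shed: BUILTIN\Administrators (well-known SID S-1-5-32-544) becomes deny-only in the copy.
Test-Win32 ([Demo.Native]::ConvertStringSidToSid('S-1-5-32-544', [ref]$adminSid)) 'ConvertStringSidToSid'
$entry = New-Object 'Demo.Native+SID_AND_ATTRIBUTES'; $entry.Sid = $adminSid
$disable = [Demo.Native+SID_AND_ATTRIBUTES[]]@($entry)
# 3. Rights to shed: DISABLE_MAX_PRIVILEGE deletes every privilege except SeChangeNotifyPrivilege.
Test-Win32 ([Demo.Native]::CreateRestrictedToken($token, $DISABLE_MAX_PRIVILEGE, 1, $disable, 0, [IntPtr]::Zero,
        0, [IntPtr]::Zero, [ref]$restricted)) 'CreateRestrictedToken'
# 4. Start the child with the stripped token; it prints its own groups and privileges.
$si = New-Object 'Demo.Native+STARTUPINFO'; $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
$child = New-Object 'Demo.Native+PROCESS_INFORMATION'
$cmd = New-Object System.Text.StringBuilder 'cmd.exe /k whoami /groups /priv'
Test-Win32 ([Demo.Native]::CreateProcessAsUser($restricted, [IntPtr]::Zero, $cmd, [IntPtr]::Zero, [IntPtr]::Zero,
        $false, $CREATE_NEW_CONSOLE, [IntPtr]::Zero, [IntPtr]::Zero, [ref]$si, [ref]$child)) 'CreateProcessAsUser'
"Started PID $($child.dwProcessId) under the restricted token"
# Clean up: FreeHGlobal wraps LocalFree, which is how a SID from ConvertStringSidToSid is released.
[Runtime.InteropServices.Marshal]::FreeHGlobal($adminSid)
$child.hProcess, $child.hThread, $restricted, $token | ForEach-Object { [void][Demo.Native]::CloseHandle($_) }
```

If the calling account is not a member of Administrators, or its token is already filtered by UAC, the group change is not visible in the child's output and the shortened privilege list is the observable difference.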