On Tue, Nov 3, 2015 at 11:47 AM, Johannes Meixner
Hello,
On Nov 3 15:14 Marcus Meissner wrote (excerpt):
On Tue, Nov 3, 2015 at 4:06 AM, Ludwig Nussel
wrote: Keep in mind that whoever's repo you add gets root access to your system.
... the library only runs as desktop user.
Installing the RPM however runs as "root".
So before we all trusted Adobe at the "user" level, and now we trust them at the "root" level.
I wonder if on an usual end-user system (i.e. on a system where the Adobe Flash Player normally is used) there is in practice a real difference when malware runs as "the user" versus when it runs as "root"?
I think the real value on a computer is user data (like private data, in particular private secrets) and not system data like programs or config files because the latter can relatively easily be recreated (re-install from scratch if the system got corrupted).
Perhaps when malware runs as the user it could be even worse than when malware runs as root because when malware runs as the user it might be even easier to steal private user data under certain circumstances?
When someone runs as root it can compromise the whole system, whereas something that runs as a user can only compromise the user. Furthermore, the ability to hide from plain sight for malware running as user is greatly diminished, whereas one running as root can almost perfectly hide from sight. So, it is worse to get rooted even on a single-user system, because those infections can hide better. So I guess there's that. Adobe could root you. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org