[13419] in bugtraq
Re: XML in IE 5.0
daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Jan 18 17:19:38 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200001172028.HAA22549@cairo.anu.edu.au>
Date: Tue, 18 Jan 2000 07:28:27 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: Ryan.Russell@SYBASE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <88256867.002264B1.00@gwwest.sybase.com> from "Ryan Russell" at
Jan 14, 2000 10:15:25 PM
In some mail from Ryan Russell, sie said:
[...]
> For Windows users, The MS guys gave an interesting talk at the NTBugtraq
> Canada Day Party at Russ' house last year. NT2000 will include a feature that
> is similar to su on unix, which will allow one to have different windows open
> as different users on the same box... I believe it's an extension of the
> terminal server concept. Anyway, once folks get NT2000, they should really
> consider running their browsers as locked-down, non-priveledged users.
>
> I believe you can do the same on most modern unices now with judicious
> use of su and xhost adjustments.
Except that user preferences are no longer stored as being owned by *that*
user (roaming profile problems anyone ?), per-user disk cache usage isn't
associated with the correct user, etc. Can you really imagine 90% of
Internet users being savvy enough to run a browser in an "su" window ?
The other option here for M$ is to reinvent the setuid bit :->
Darren
