LinuxQuestions.org


////// 02-15-2022 10:48 AM

Google Chrome zero-day in the wild.
 
https://www.bleepingcomputer.com/new...ed-in-attacks/

update if you can :)
or use another browser for a while.

boughtonp 02-16-2022 08:03 AM


 
Is this really news when Chrome's average is more than one a month?

Or perhaps the news is simply that there was a whole two months since the last such vulnerability was discovered in Chrome?


////// 02-16-2022 08:46 AM

nah, it isn't "news" I think, but someone could benefit from this post.

rokytnji 02-16-2022 11:21 AM

It reminded me to sudo apt update and sudo apt dist-upgrade before firing up any gear lately.
Thanks.

sundialsvcs 02-16-2022 01:37 PM

It also reinforces the importance of the so-called "Principle of Least Privilege."

Which is to say that – and this is true of every operating system – "the account that you use every day" must not be "an Administrator." (In Linux, this means: "a member of the wheel group.") Windows ... MacOS (OS/X) ... mainframe ... doesn't matter.

If anyone or anything that is operating under your credentials "runs into a nearby phone booth," it should not be capable of flying out of it wearing ugly blue tights. It should be operating in a "home directory" that isn't accessible to other users of the same system, and it shouldn't be able to snoop into anyone else's home – let alone have write access to it. It cannot issue the sudo su command, because it is not required to.

Do not give yourself any more access to your system than you require when exercising the tasks which you have associated with that particular login account. (After all, you can have as many accounts as you please.) Don't allow anyone else access to "your stuff" except to the extent that a specific other user-id requires it.

By voluntarily limiting "your" access to "your" system based on need to know or do, you immediately make your system far more secure ... and it really isn't that "inconvenient" once you get used to it. "Be Jimmy Olsen, not Clark Kent."

Beyond that – find a good continuous backup system, and use it 100% of the time.

Trihexagonal 02-21-2022 09:14 AM

Quote:

Originally Posted by sundialsvcs (Post 6330342)
It also reinforces the importance of the so-called "Principle of Least Privilege."

Which is to say that – and this is true of every operating system – "the account that you use every day" must not be "an Administrator." (In Linux, this means: "a member of the wheel group.") Windows ... MacOS (OS/X) ... mainframe ... doesn't matter.

Yes it does. That is not true of every system.

I'm a member of the wheel group but can't invoke root commands from my usr account:

Code:

jitte@unmei:~ $ groups
jitte wheel operator
jitte@unmei:~ $ whoami
jitte
jitte@unmei:~ $ freebsd-update fetch
freebsd-update: Directory does not exist or is not writable: /var/db/freebsd-update
jitte@unmei:~ $ su
Password:
root@unmei:/home/jitte # cd /
root@unmei:/ # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 13.0-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 13.0-RELEASE-p7.
root@unmei:/ #


sundialsvcs 02-26-2022 12:17 PM

The question is whether you can enter the command: sudo su, then enter your own password, and wind up with a "#" prompt . . .

There should be only one user-id on any system, IMHO, which is capable of doing that.

As I've said here before, "your computer is just too damned stupid to know when it should say 'yes!'" But it's extremely good at saying 'no!' Leverage that idea to your full advantage, and also be sure that your "all-powerful user" is named (say ...) freddie. It really isn't "inconvenient" after all ...
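
An added example, not part of any post in this thread: a small shell audit of the point argued above, that very few accounts should belong to an administrative group. It assumes escalation is tied to the wheel and sudo groups (sudoers and doas rules are not parsed), runs on constructed sample files, and also catches membership through a primary GID, which the member list in the group file does not show.

```shell
#!/bin/sh
# Added example, not from the thread: which accounts sit in an admin group?
# Assumption: escalation is tied to the groups in ADMIN_GROUPS (wheel and sudo
# are common defaults). sudoers/doas rules are not parsed here.
ADMIN_GROUPS="wheel sudo"

# admin_members GROUP_FILE PASSWD_FILE -> "user group" lines, sorted, unique.
admin_members() {
    awk -F: -v want="$ADMIN_GROUPS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) admin[w[i]] = 1 }
        FNR == NR {                       # first file: name:pw:gid:members
            if ($1 in admin) {
                gid2name[$3] = $1
                m = split($4, mem, ",")
                for (i = 1; i <= m; i++) if (mem[i] != "") print mem[i], $1
            }
            next
        }
        # second file (passwd): a primary GID never shows in the member list
        ($4 in gid2name) { print $1, gid2name[$4] }
    ' "$1" "$2" | sort -u
}

# nonroot_admins GROUP_FILE PASSWD_FILE -> unique non-root account names.
nonroot_admins() {
    admin_members "$1" "$2" | awk '$1 != "root" { print $1 }' | sort -u
}

# Constructed sample data (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
wheel:*:0:root,alice
operator:*:5:root,alice
sudo:*:27:bob
staff:*:20:carol
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:20:Carol:/home/carol:/bin/sh
dave:*:1004:0:Dave:/home/dave:/bin/sh
EOF

admin_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
count=$(nonroot_admins "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" | wc -l | tr -d ' ')
if [ "$count" -gt 1 ]; then
    echo "WARNING: $count non-root accounts belong to an admin group"
fi
```

On a real host, pass /etc/group and /etc/passwd instead of the sample files; dave is reported only because of the primary-GID check.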

Trihexagonal 02-26-2022 09:05 PM

You were right all along and I was wrong from the start.
Hear that often? Hmmm?

My Gehirndose full of toxins, shutdown progressing, Dave


Quote:

Originally Posted by sundialsvcs (Post 6333419)
The question is whether you can enter the command: sudo su, then enter your own password, and wind up with a "#" prompt . . .

I had never used sudo till a few years ago, when I tested TrueOS, DandyOS or whatever they called it that week.
On FreeBSD I always su to root in a terminal, work as root from that terminal and log out to my usr account when done.
I've never installed sudo or doas and am very comfortable working as root, but do not log in as root or run as r00t after my work is done.
Kali has sudo and I don't use the root account on it.

Quote:

Originally Posted by sundialsvcs (Post 6333419)
There should be only one user-id on any system, IMHO, which is capable of doing that.

As I've said here before, "your computer is just too damned stupid to know when it should say 'yes!'" But it's extremely good at saying 'no!' Leverage that idea to your full advantage, and also be sure that your "all-powerful user" is named (say ...) freddie. It really isn't "inconvenient" after all ...

I bend the machine to my will and it does things my way. Which in many ways is not the standard way things are done by everyone else, the Handbook not a factor when I figured it out. I've never looked at fstab for one thing.

dc.901 03-01-2022 07:46 PM

Depending on how critical the system is, it may be useful to also set up MFA - even for sudo.

sundialsvcs 03-01-2022 08:52 PM

It has certainly not escaped my attention that "other Unix®/Linux based systems that I regularly frequent," namely MacOS/OSX, no longer permit even "the root user" unfettered privileges.

Instead, just like "UEFI," they now require a first-action that is physical, therefore distinctly human. Without this, even "the root user" is now "fettered." And, "I agree with this."


All times are GMT -5.