| 2008-10-15 19:20:27 |
Daniel T Chen |
flashplugin-nonfree: statusexplanation |
|
While the attack coverage is certainly high, your proposal of unconditionally (forcibly) removing ~/.macromedia/Flash_Player on each login is incorrect. Imagine this scenario on a fresh boot:
1) Log in via gnome-session;
2) Open Web browser, and load embedded Flash that uses cookies;
3) Switch to tty1
4) Switch to tty7
If the Flash applet has not completed loading between steps (2) and (3), you've just blown away the cookie(s).
Trivially, the "remove on logout" proposal is analogous.
However, as a brutish hack, one could use gnome-session to invoke such a script running upon session login that forcibly removes the cookies. |
|
