[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Package Manager Denies Permission to Install



On Thu, Jan 22, 2009 at 2:12 PM, Kevin Kofler <kevin kofler chello at> wrote:
> Richard Hughes wrote:
>> Sure, but my point if that GTK code is untrusted, and just not designed
>> to be run with elevated privileges. A buffer-overflow is an easy exploit
>> if the code is running as uid 0, whether running as setuid or as root.
>
> Why would you overflow a buffer on your own machine where you're already
> root? It makes sense to attack a setuid binary on a machine you're not root
> on, but it doesn't make sense to attack your own machine.

Really?  In that case I invite you to visit my website evil.com and
click on a few links. Better still, log into my friendly server and
run a few of my apps. They're running on my machine, not yours. Of
course the GUI runs on your machine via X11 ...

poc


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]