Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
1. Find package with recent, unpatched privilege escalation vulnerability.
2. Install package.
3. Exploit privilege escalation vulnerability.
Haystack surrounding a needle.
Posted Nov 19, 2009 0:30 UTC (Thu) by sladen (subscriber, #27402)
But for a remote user, life got easier; one no longer needs to find a hole in the actual running system or available setuid software; but merely in the (somewhat less tested) package-specific install scripts.
The problem just changed from trying to find a needle in a haystack, to one of spotting a haystack surrounding a needle.
Posted Nov 19, 2009 0:55 UTC (Thu) by etrusco (guest, #4227)
Posted Nov 19, 2009 0:55 UTC (Thu) by jspaleta (subscriber, #50639)
Posted Nov 19, 2009 1:23 UTC (Thu) by sbergman27 (guest, #10767)
Does it understand the concept of "local dinner parties" vs "remote dinner parties"? "Local
children" vs "remote children"?
Has anyone looked into how well this kind of thinking worked for Windows?
Posted Nov 19, 2009 7:29 UTC (Thu) by bronson (subscriber, #4806)
Posted Nov 19, 2009 7:46 UTC (Thu) by bronson (subscriber, #4806)
For the record I agree: it seems utterly daft to have this enabled by default. Did we forget the lesson from RH6 having a bunch of unnecessary daemons (read: breakin vectors) enabled by default?
Posted Nov 19, 2009 9:06 UTC (Thu) by michaeljt (subscriber, #39183)
Posted Nov 19, 2009 15:31 UTC (Thu) by geisler (guest, #44380)
Posted Nov 19, 2009 17:24 UTC (Thu) by sir99 (guest, #3286)
Posted Nov 19, 2009 19:35 UTC (Thu) by drag (subscriber, #31333)
Posted Nov 19, 2009 20:39 UTC (Thu) by SEJeff (subscriber, #51588)
Fedora 12 lets unprivileged users install packages
Posted Nov 19, 2009 0:31 UTC (Thu) by kragil (subscriber, #34373)
My thought exactly, but this is a single user desktop feature and not for servers.
I like it.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds