A Tale of Two Pwnies (Part 1)
Posted May 23, 2012 6:44 UTC (Wed) by JoeBuck
In reply to: A Tale of Two Pwnies (Part 1)
Parent article: A Tale of Two Pwnies (Part 1)
Yes, it goes to show that even the most minor security bugs can't be ignored (as in: we can ignore the hole in sandbox A, because it only gets you into sandbox B so you're still contained). Many exploits have at least two steps: first trick a user into running a command as that user, then escalate using some local root exploit. But six steps is very impressive, and helps to show the limits of multi-layer security: you only have to break in one level at a time.
to post comments)