brk() bug was the real problem
Posted Dec 13, 2003 19:05 UTC (Sat) by giraffedata
In reply to: Too weak
Parent article: Lessons from the Debian compromise
I take the opposite view. An unauthorized user being able to log into a system as a nonprivileged user is a small deal. Being able to escalate to a privileged user is a big deal.
That's because there are all kinds of legitimate reasons for having a system that untrusted people can log into as an unprivileged user. We should not therefore squander our attention on stopping people from logging in, but rather allocate it to stopping privilege escalations.