Local vs remote exploits
Posted Jun 25, 2004 16:56 UTC (Fri) by giraffedata
In reply to: Long-lived security holes
Parent article: Long-lived security holes
I don't think local/remote is a useful distinction, and I don't think people mean local and remote when they say it.
If a user telnets into a system and logs in with his legitimate password and then exploits a bug, that's a remote exploitation.
I think most people think "need already to be able to legitimately run a shell program" when they say "local." If so, they should just say that.
The real distinction we want is exploits that require some amount of legitimate privilege vs those that require virtually no privilege. The former are less serious because a smaller number of people, who have already passed some test of trust, can do them.
The ability to legitimately log in to a shell is a certain level of privilege. So is the ability to do a CVS checkout or submit certain http forms, etc.