User: Password:
Subscribe / Log in / New account



Posted Jan 7, 2011 2:11 UTC (Fri) by mjg59 (subscriber, #23239)
In reply to: "eventually" by drag
Parent article: Spengler: False Boundaries and Arbitrary Code Execution

You said "The difference of a few cycles to get UID0 to a few days to sniff root password is not really a big deal when faced with a exploitable vulnerability", which I think oversimplifies. Whether it's a big deal or not is context dependent, whereas if the daemon were running as uid 0 it'd be guaranteed to be a big deal.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds