On Wed, Mar 7, 2012 at 8:52 AM, Kevin Chadwick <ma1l1i...@yahoo.co.uk> wrote:

> On Tue, 6 Mar 2012 18:28:15 -0800
> Adrienne Porter Felt wrote:
>
> >  For example, there is relatively little risk attached to
> > letting an app turn your Bluetooth on or off.
>
> How about a local app introduced via QR code phishing switching
> it on and then a stack exploit by a local attacker or attacker's device
> getting root? What about Bluetooth malware and the bugs in the
> Bluetooth stack?


That is a problem that the system itself needs to handle, via system design
and hardening.  A user needs to be able to assume that his or her device
works like it is supposed to (e.g., granting access to location will not
also accidentally grant access to the mic), otherwise permissions are
meaningless.  If any privilege can be used to get any other privilege, then
how can you ever make a decision?  Certainly there will be privilege
escalation bugs, but it is the responsibility of the platform vendor to find
and fix them, not the responsibility of the user to plan ahead for them.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
