Simon Hobson <li...@thehobsons.co.uk> writes: > Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote: > >> By now, the concept of unprivileged local users is a little obsolete anyway. >> >> Today, hosts generally serve only one unix user, there generally is >> only one local user of one host, and that local user is the user that >> owns everything valuable. So is the a real point to >> local-user-to-root exploits? I suppose there is, but it is much >> smaller than it was ten or twenty years ago. > > It depends on what you are doing. > It's a fairly quick and easy way to separate users on (eg) web hosting > - by having Apache execute each site as a specific user.
[...] > And regardless of how you separate users, having an exploitable > privilege escalation flaw means that someone compromising one of your > customer's sites is then able to escalate their privileges to do more > damage than they could from an unprivileged account. Hmm ... and how many 'millions of Android devices and Linux PCs' are affected by that? This is a trivial bug with a one or two lines fix and the people who found it could have spend their time in a more useful way by contributing a fix then by creating and exploit and trying to draw as much attention to that as possible. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
