El 8/9/23 a les 11:59, Marc ha escrit:
Since when does a hacked website gain root? What argument is next, when
your
storage solution is hacked they have access to your files? Are you not
working
with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley considering root access gained.
Apart from this privilege escalation is a real threat:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=privilege+escalation
This link is crap, did you even read a few items on this page? Put then a link
to the apache httpd root access.
Fact still remains that nobody here on this list has eternal life nor eternal
resources, so you would be stupid to focus on your webserver root access
exploit instead of roundcube.
Next to that, it is more common these days to use containers so there is not
even a webserver that runs root.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
If roundcube/dovecot is in discussion, we can't assume the rest of
environment i secure and well-configured: Webserver, Kernel, DB server, etc.
Then we need to work on good measures to not rely on "everything will be
optimal because everybody did a good job".
And we can't assume Rouncube is perfect, same as Dovecot. Give time to time.
--
__________
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org