On Wed, 2009-01-21 at 11:36 +0100, Kevin Kofler wrote: > That stuff affects setuid, i.e. where you're giving out blanket > permission to *anyone* to run code as root.
Right. > What we're talking about in this thread is somebody who knows the root > password logging in as root on their own machine and running the > entire session as root. Quite a different scenario from a security > perspective. Sure, but my point if that GTK code is untrusted, and just not designed to be run with elevated privileges. A buffer-overflow is an easy exploit if the code is running as uid 0, whether running as setuid or as root. Point taken tho. Richard. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
