Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]) [12/11/03 14:41]: > bulletin. A decent admin would configure FPSE such that this flaw is a > non-issue. This is because no ordinary user has a reason to be accessing > FPSE's files. If FPSE is secured, this means that an attacker is getting > their own privileges back.
A decent OS shouldn't need the admin to go in and modify permissions on specific files in order to give a ensure a basic security requirement. While an ordinary user may have no reason to access those files, an ordinary admin should similarily have no reason for modifying the permissions on those files. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html