[ale] Linux Distributions

Chris Ricker kaboom at oobleck.net
Tue May 17 16:16:46 EDT 2005


On Tue, 17 May 2005, Jim Popovitch wrote:

> If you run your browser as user bob, how do you really know that
> java/javascript/flash/realplayer/etc. didn't just do a malicious thing
> that did in fact gain root privileges via any local root exploit (like
> the ones just announced in kernel 2.6.11)?

You don't. What you know is that it's much harder for potential attacker 
to (a) exploit app then (b) carry out other root exploit than it is for 
potential attacker to (a) exploit app but not have to (b) carry out other 
root exploit because app was already run as root. 

later,
chris



More information about the Ale mailing list