[ale] Linux Distributions
Chris Ricker
kaboom at oobleck.net
Tue May 17 16:16:46 EDT 2005
On Tue, 17 May 2005, Jim Popovitch wrote:
> If you run your browser as user bob, how do you really know that
> java/javascript/flash/realplayer/etc. didn't just do a malicious thing
> that did in fact gain root privileges via any local root exploit (like
> the ones just announced in kernel 2.6.11)?
You don't. What you know is that it's much harder for potential attacker
to (a) exploit app then (b) carry out other root exploit than it is for
potential attacker to (a) exploit app but not have to (b) carry out other
root exploit because app was already run as root.
later,
chris
More information about the Ale
mailing list