[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: kdesu overrides user's PATH with hardcoded path
From: "Michael Howell" <mhowell123 () gmail ! com>
Date: 2008-09-04 22:55:38
Message-ID: a2927be10809041555o4cd0082bu3d81c4af15d24ec4 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Wed, Sep 3, 2008 at 11:40 PM, Oswald Buddenhagen <ossi@kde.org> wrote:
> *how* is a bad cat supposed to get into ~/bin, huh? why do you want to
> secure the door of an obviously blown up house?
>
Find a security vulnerability in some random application that gives I/O
access to people on the outside. Or trick someone into decompressing a
rigged archive. Either way, you can't access /bin or /usr/bin, but you can
get to ~/bin easily.
--
Michael Howell
mhowell123@gmail.com
[Attachment #5 (text/html)]
<div dir="ltr">On Wed, Sep 3, 2008 at 11:40 PM, Oswald Buddenhagen <span \
dir="ltr"><<a href="mailto:ossi@kde.org">ossi@kde.org</a>></span> \
wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" \
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; \
padding-left: 1ex;">
*how* is a bad cat supposed to get into ~/bin, huh? why do you want to<br>
secure the door of an obviously blown up house?<br></blockquote></div>Find a security \
vulnerability in some random application that gives I/O access to people on the \
outside. Or trick someone into decompressing a rigged archive. Either way, you \
can't access /bin or /usr/bin, but you can get to ~/bin easily.<br clear="all"> \
<br>-- <br>Michael Howell<br><a \
href="mailto:mhowell123@gmail.com">mhowell123@gmail.com</a><br> </div>
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic