List:       kde-devel
Subject:    Re: kdesu overrides user's PATH with hardcoded path
From:       "Michael Howell" <mhowell123 () gmail ! com>
Date:       2008-09-05 13:09:14
Message-ID: a2927be10809050609y37276d49r895e650adb08e5f3 () mail ! gmail ! com

> do you know how ridiculously improbable it is that you get a security
> hole that allows you creating executable files in ~/bin but nothing
> else?

Break a program that isn't being run as root (e.g. a web browser), you don't
get root privileges. Conveniently, ~/bin is in the user's home directory. It
isn't "a security hole that allows you creating executable files in ~/bin
but nothing else", it's "I want them to run this executable, I'm not
interested in hosing their ~".


-- 
Michael Howell
mhowell123@gmail.com
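
An added example, not part of the original message and not kdesu code: a defender-side audit that lists which entries of a PATH value an unprivileged account could put an executable into, which is the condition the message above is concerned with when that PATH is handed to a privileged command. The function names are hypothetical, and the check assumes plain POSIX mode bits (no ACLs, no read-only mounts).

```python
import os
import stat

def can_create_in(st, uid, gids=()):
    """POSIX mode-bit check: may (uid, gids) create files in the directory described by st?
    ACLs and read-only mounts are ignored (simplifying assumption)."""
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return stat.S_ISDIR(st.st_mode) and (st.st_mode & need) == need

def nearest_existing(path):
    """Walk up from a missing PATH entry to the directory that controls its creation."""
    while not os.path.exists(path) and os.path.dirname(path) != path:
        path = os.path.dirname(path)
    return path

def plantable_entries(path_value, uid, gids=()):
    """Return (position, entry, reason) for each PATH entry the account could put an executable in."""
    findings = []
    for pos, entry in enumerate(path_value.split(os.pathsep)):
        if not os.path.isabs(entry):
            # Empty and relative entries resolve against the caller's current directory.
            findings.append((pos, entry, "relative or empty entry"))
            continue
        probe = nearest_existing(entry)
        if can_create_in(os.stat(probe), uid, gids):
            reason = "writable by account" if probe == entry else "missing, creatable via " + probe
            findings.append((pos, entry, reason))
    return findings

if __name__ == "__main__":
    # Constructed sample: the invoking user's PATH with ~/bin ahead of the system directories.
    sample = os.pathsep.join([os.path.expanduser("~/bin"), "/usr/bin", "/bin"])
    for pos, entry, reason in plantable_entries(sample, os.getuid(), os.getgroups()):
        print(f"PATH[{pos}] {entry}: {reason}")
```

A finding at a low position matters most, because PATH lookup stops at the first match.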
