[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: SSPCPP-961
From: "Cantor, Scott via users" <users () shibboleth ! net>
Date: 2023-03-09 13:28:42
Message-ID: F1EF5704-80CC-44A7-89C6-1A965C98E13D () osu ! edu
[Download RAW message or body]
> Doesn't Jira have a "CLOSED WONTFIX" option :)?
I could have.
> Dunno. It's not like the installation instructions didn't call it out
That was added, I had treated that as common sense.
> If random authenticated users can in general access your server you're in a bad
> situation to begin with. The primary thing I could see happening with this is if
> somebody got a remote compromise with low privileges they could potentially
> escalate by doing this, but on the other hand, depending on the patch level of
> the server, they would have quite the menu of bundled vulnerabilities to choose
> from.
This is one area Windows and Linux are the same. Local privilege escalation is a \
given and is pointless to try and stop. Multi-user servers are not a thing, if they \
ever were. That's why I didn't issue an advisory. Both that and denial of service \
don't even register with me anymore.
-- Scott
--
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic