Re: sudo disappears after latest update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/10/2016 02:45 PM, Patrick O'Callaghan wrote:

On Wed, 2016-02-10 at 10:53 -0700, jd1008 wrote:

On 02/10/2016 10:27 AM, Patrick O'Callaghan wrote:

On Wed, 2016-02-10 at 10:17 -0700, jd1008 wrote:

A malefic website can and does user JS to fork out processes that
can
sudo whatever they want.

Are you sure? If so, please give a reference.

poc

Some years ago, the reference came directly from google website
analysis
(obtained via the noscript add-on).
to paraphrase what I read then (as I am sorry I did not keep that
link),
stated
.... it installs malware without the user's knowledge or permission
....

I will strive to locate that analysis and share it with th list.

Unless of course, it has been sanitized or removed - because google
re-analyzes websites
once every 90 days.

I suspect you're thinking of a bug in some earlier version of JS (or
Java). Normally these things are supposed to run in a sandbox precisely
to prevent this. That's probably the main reason Google has just
announced they'll be blocking Flash content in the near future, as it's
notorious for this kind of problem.

poc

I am sorry to burst the bubble that was perpetrated by Sun Microsystems.
I worked at Sun Microsystems as a contractor and talked to a very senior
developer at Menlo Park. I knew this developer from working with him in
a previous company. Under my oath never to reveal his name, he clued me in
that the fictitious "sandbox" was the entire system. Sun was clever to use the 
term sandbox as a subterfuge for the silicon of the chips.
This "sandbox=entire system" was confirmed to me in an email from another
very senior developer who is still on this list, but will not expose his name. 
He confirmed that the sandbox is the entirety of the system.
Reason why some people will go to email flame wars on this issue is because
either it is their penny at stake, or they are obeying their superiors.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux