Am 29.04.2014 21:36, schrieb Andrew Lutomirski: > On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: >> simple example: >> >> * binary XYZ is vulerable for privilege escalation > > This makes no sense... for you >> * we talk about a *local* exploit until now > > ...I don't even know what you're trying to say here... than google for * "privilege escalation" * "local exploit" * "remote exploit" that could be a good start: http://en.wikipedia.org/wiki/Exploit_%28computer_security%29 >> * a bad configured webserver allows system-commands through a php-script >> and i consider that you google for the /e modifier > > ...and this is already sufficient for a remote exploit. yes, but the difference may be if you only can run unprivileged code or have a chance to own the machine and get root > Can we please move all discussion of "Zomg! This feature would take an > existing security hole and turn it into a security hole with exactly > the same impact" into its own thread or just stop it entirely? All it > does is distract from real discussion can you please start to goole for things others talking about?
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
