On 29.04.2014 22:22, Chris Adams wrote:
> Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said:
>> don't get me wrong but you are talking bullshit
>
> Put up or shut up

i shut when i say - not when you say

https://www.google.com/search?q=local+root+exploit+CVE
google as example for CVE-2014-0038

and as i already explained to you: an attacker has no shell, you have two ways to force an existing local exploit by a web-application:

A: try to get a complete script on the machine and execute it
B: find a very likely present binary and bring it to do the rest of the attack for you with arbitrary input

if you find B it's much easier because passing unsanitized input to a web-script calling system() with it is one thing, finding a way to create a local file with whatever input you like and execute it finally is a completely different world and needs much more than one security problem in the web-application

>> you can't download whatever you like to do in any random situation
>> and execute it like in a shell - if you have only *one command* through
>> a web application you need to achieve that this single command triggers
>> the whole attack surface down to the critical component giving you
>> root access
>
> If you can't explain how a non-privileged binary can result in a
> privilege escalation, then you are wrong. You need to go up-thread and
> read what I was responding to and show how it is wrong.

in case it doesn't sanitize user input, calling an already running privileged process and feed it with arbitrary input

damned, do you really pretend that never happened in the past?
and no, i do not get paid to seek archives for you!
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct