Kirk Reiser, le Mon 13 Dec 2010 07:58:26 -0500, a ?crit : > On Sun, 12 Dec 2010, Greg KH wrote: > >But, the world writable bit can be seen as a big security issue right > >now, right? It would be good to get that fixed, or at the very least, > >narrowed down a lot right now. > > Just curious, if the world writable files are working correctly and > with no overrun buffer bugs etc why are they a security risk? That depends what you consider as security risks. No buffer overrun is enough for not compromising the kernel. Being able to change the way the speech synthesizer (that the owner of the machine uses to be able to control it) simply by being logged as a mere user on the machine, that might be considered as a security risk. Think of it as being able to change the text font of the VGA console, you don't really want to allow users to be able to do that. You also have potential Denial of Service by setting the volume to zero, setting the speed at maximum, etc. etc. Samuel
