[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Add murmur.
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Add murmur. |
|
Date: |
Mon, 13 Feb 2017 15:15:51 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
"pelzflorian (Florian Pelz)" <address@hidden> skribis:
> On 02/12/2017 06:01 PM, Hartmut Goebel wrote:
>> Am 12.02.2017 um 15:37 schrieb David Craven:
>>> I think that it is a minor
>>> issue at best, since anything that isn't accessible over the network or
>>> running
>>> with any sort of privileges is not very useful.
>>
>> I strongly disagree!
>>
>> Every piece of software available on the system may the intruder. The
>> server may not be running so it can not be attacked in the first place.
>> But if an intruder gains (unprivileged) access to the system, he might
>> be able to start that server software. Then he might use it for
>> privilege escalation (if the server software is vulnerable), as a
>> back-channel or for attacking further systems.
>>
>
> An attacker with enough privileges to run Murmur has enough privileges
> to install Murmur anyway (perhaps but not necessarily by using Guix).
Definitely. And they might just as well run software that’s more useful
for their purposes, like a botnet server. :-)
Ludo’.
- Re: Add murmur., (continued)
- Re: Add murmur., ng0, 2017/02/10
- Re: Add murmur., Ludovic Courtès, 2017/02/11
- Re: Add murmur., ng0, 2017/02/11
- Re: Add murmur., Ludovic Courtès, 2017/02/12
- Re: Add murmur., ng0, 2017/02/12
- Re: Add murmur., David Craven, 2017/02/12
- Re: Add murmur., ng0, 2017/02/12
- Re: Add murmur., David Craven, 2017/02/12
- Re: Add murmur., Hartmut Goebel, 2017/02/12
- Re: Add murmur., pelzflorian (Florian Pelz), 2017/02/12
- Re: Add murmur.,
Ludovic Courtès <=
- Re: Add murmur., David Craven, 2017/02/12
- Re: Add murmur., Hartmut Goebel, 2017/02/14
- Re: Add murmur., ng0, 2017/02/14
- server and client in one package -> security issue (was: Add murmur), Hartmut Goebel, 2017/02/12
- Re: server and client in one package -> security issue (was: Add murmur), ng0, 2017/02/12
- Re: server and client in one package -> security issue (was: Add murmur), David Craven, 2017/02/12
- Re: server and client in one package -> security issue, Hartmut Goebel, 2017/02/12
- Re: server and client in one package -> security issue, Ludovic Courtès, 2017/02/13
- Re: server and client in one package -> security issue, Hartmut Goebel, 2017/02/14
- Re: server and client in one package -> security issue, Andy Wingo, 2017/02/14