Re: Add murmur.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Add murmur.

From:	Hartmut Goebel
Subject:	Re: Add murmur.
Date:	Sun, 12 Feb 2017 18:01:04 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

Am 12.02.2017 um 15:37 schrieb David Craven:
> I think that it is a minor
> issue at best, since anything that isn't accessible over the network or 
> running
> with any sort of privileges is not very useful.

I strongly disagree!

Every piece of software available on the system may the intruder. The
server may not be running so it can not be attacked in the first place.
But if an intruder gains (unprivileged) access to the system, he might
be able to start that server software. Then he might use it for
privilege escalation (if the server software is vulnerable), as a
back-channel or for attacking further systems.


> This hypothetical attacker is trying to escalate privileges. I don't
> see how starting an unprivileged process would help with that.

Well, simply by an exploiting a bug in that software. This is a quite
common case :-)

-- 

Regards
Hartmut Goebel

| Hartmut Goebel          | address@hidden               |
| www.crazy-compilers.com | compilers which you thought are impossible |

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Add murmur., (continued)

Prev by Date: Re: server and client in one package -> security issue
Next by Date: Re: Fixing non-reproducibility in some guile packages
Previous by thread: Re: Add murmur.
Next by thread: Re: Add murmur.
Index(es):
- Date
- Thread