>On Thu, 11 Nov 2010 21:16:53 +0000 >Ken Moffat <[email protected]> wrote: > > If you have no-one else with access to your machine, it probably > *is* a low priority - but we are all our own sysadmins, so we ought > to keep on top of vulnerabilities in everything we have installed. > > ĸen
I'd just like to add that there is a loophole in this. Small, but still. This vulnerability is probably better classified as a "privilege escalation" vulnerability. The only way to exploit it is to first run code on your machine. Now, I may be a liiittle too paranoid about this, but I don't truly trust my browser. If one were to exploit the browser, one would be presumably able to exploit the glibc vulnerability. I would be even more paranoid if it were an invasive HTML5-ready browser, implementing the filesystem interface for web applications. Mind that I have not spent time learning about that interface, but if it allows creation of links, you maaaay have a problem. Then again, I am a bit paranoid when it comes to my system's security. -- -Aleksandar Kuktin -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
