An attacker who only manages to subvert your user account,
of course, can't get at the precious things like /usr/bin/* files
and modify or delete them.
He can only read your locally saved emails,
browser's cache and saved passwords
of your bank website login.
Oh, wait...
Eh, I didn't pretend that security holes weren't serious to begin
with. But an attacker who finds a hole in a setuid root binary can
gain access to *every user*'s personal data, and cover his tracks,
and so on. Root exploits are an order of magnitude more problematic,
which doesn't mean that user exploits are fine.
--
Laurent
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
