On Thu, Jan 9, 2014 at 7:15 PM, Laurent Bercot <[email protected]> wrote:
>> An attacker who only manages to subvert your user account,
>> of course, can't get at the precious things like /usr/bin/* files
>> and modify or delete them.
>>
>> He can only read your locally saved emails,
>> browser's cache and saved passwords
>> of your bank website login.
>>
>> Oh, wait...
>
> Eh, I didn't pretend that security holes weren't serious to begin
> with. But an attacker who finds a hole in a setuid root binary can
> gain access to *every user*'s personal data,

Which often means "the only user of this machine".

> and cover his tracks,
> and so on. Root exploits are an order of magnitude more problematic,
> which doesn't mean that user exploits are fine.

They were an order of magnitude more problematic when multi-user
machines were the norm. Today, the difference in the level of impact
is less pronounced.

That's my point: It is not logical anymore to see root exploits
as orders of magnitude more dangerous than user-level ones,
and spend much more effort specifically on preventing these exploits
from being used.

If you are afraid that ping may have a bug, spend time auditing ping,
not making it more ugly just because you can make such a bug
impact "only a lowly user".
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
