On Thu, 13 Dec 2012, Moritz Mühlenhoff <[email protected]> wrote: > Plus, installing Flash opens the Pandora's box anyway
When a user runs a web browser that calls the Flash plugin then that user session is exposed to the risk of a compromised Adobe web site etc. When the user visits a potentially hostile web site they are exposed to the risk of compromise via a potential bug in the Flash plugin. But in all cases installing the package should not give a risk of root compromise. If there is a path from installing the Flash plugin (or any other package that downloads files) to a root compromise that doesn't involve a kernel bug then it's a bug that needs to be fixed. Admittedly most Linux workstations are single-user systems nowadays which means that a user compromise gives almost all the benefits to the attacker of a root compromise. But even so vulnerability to user compromise is no reason to be less vigilant about a potential root compromise. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
