ajax wrote: > [...] >> If this is meant to cover administrative binaries that have no >> privilege escalation pieces of their own, merely run by root, then >> what makes them different from any other /bin/* program that a root >> process might invoke? > > It's not meant to cover that. That phrasing is meant to cover system > components like init that do not function _unless_ run as uid 0.
OK. Can you point to an attack scenario against such binaries that would not also apply against some non-uid0-only binary that root may incidentally run? - FChE -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
