On 11/18/2009 07:37 PM, Colin Walters wrote:
On Wed, Nov 18, 2009 at 7:36 PM, Jeff Garzik<jgar...@pobox.com> wrote:
And it ignores that remote exploits are now much easier, because remote
non-root exploit + package install == remote root exploit.
No, the uid needs to have logged in through a physical console.
See references in multiple mails to firefox, pidgin, and any number of
other example applications run by a uid logged in through a physical
console.
Web browsers -- especially with bin-only flash -- are the most likely
vector for remote exploits these days. Far more so than any system daemon.
There are Real Good(tm) reasons why Firefox complains, if your Flash
plug-in is out of date, even on Linux...
Jeff
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
