> You read too much between the lines in my words.
> I'm not counting on the certifications of Harmut. I simply agree with
> the reasoning that no client and server should be combined if possible
> to limit the attack surface. That's all.

That may be true. It was my intention to back Ludo. I think that it is a minor issue at best, since anything that isn't accessible over the network or running with any sort of privileges is not very useful. An attack usually involves exploiting a service for remote code execution, followed by privilege escalation and finally securing access to the system and cleaning up traces. This is an unprivileged binary on a server, and it isn't even running. Exploiting any bugs in the client would require starting the client first. This means that an attacker has already gained physical access or is able to perform remote code execution. This hypothetical attacker is trying to escalate privileges. I don't see how starting an unprivileged process would help with that. But then again - I'm not an expert and don't have any credentials - so I'd be interested to know if there is a way of exploiting this.
