Am 12.02.2017 um 18:54 schrieb David Craven: > If an attacker already has the privileges required to start the software > I don't think it's possible to gain any more privileges unless that software > has the setuid bit set.
You are right. I implicitly made some assumptions like setuid bit set. Nevertheless each additional piece of software already available eases the attack since less work and less skills are required. -- Regards Hartmut Goebel | Hartmut Goebel | h.goe...@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible |
