Kim Kimball wrote: > I'm still wondering if > > a. Removing system:anyuser from ACLs will prevent this privilege > escalation > b. Removing system:anyuser from ACLs except "system:anyuser l" will > prevent the privilege escalation (i.e. the only occurrence of > system:anyuser is with l permission) > > Any definitive conclusions? > > Thanks! > > Kim
As has been discussed on this list over the last few days, modifying the contents of unprotected data retrieved via anonymous connections is just one form of attack that can be executed. Your proposal will make attacks harder, it will not prevent them. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
