On Thu, 2007-08-09 at 07:52 +0000, Sebastien Bacher wrote: > Unchecking the security option again, that looks like a simple crash and > not a vulnerability that can be exploited
I wasn't sure which flag was which and erred on the side of safety. When a bug is "private to subscribers only" does anything prevent "some Joe" from simply subscribing to see the contents? Can a private bug be a bug others are duplicated to, such that the subscriber of the duplicate bug automatically becomes a subscriber (by way of duplicate flagging) of the private bug? What is really needed here is something like: http://www.usenix.org/publications/library/proceedings/sec03/tech/full_papers/broadwell/broadwell_html/scrash.html I don't know of any real-world implementations of such a thing though. I don't know if any of the existing security frameworks will "contain" userspace data. I tend to think they don't/won't -- they typically only deal with kernel "object"s. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell -- gnome-keyring-daemon crashed with SIGSEGV in strchr() https://bugs.launchpad.net/bugs/130938 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
