|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Escalation of privileges
From: Kenn Humborg (kenn
BLUETREE.IE)Date: Tue Aug 08 2000 - 13:38:40 CDT
- Next message: Chuck Wolber: "Re: [RHSA-2000:048-02] Updated mailx and perl packages are now available."
- Previous message: Andreas Hasenack: "Re: [RHSA-2000:047-03] New umb-scheme packages are available."
- In reply to: Mayers, Philip J: "Re: Escalation of privileges"
- Next in thread: Nicolas Rachinsky: "Re: Escalation of privileges"
- Reply: Kenn Humborg: "Re: Escalation of privileges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Hmm... Interesting, but needs an idiot admin to exploit.
I beg to differ. I don't have the time to minutely examine
every file that every app installs. I think it is reasonable
to expect reputable companies (such as Symantec) to ship
their apps in a secure state.
In the 'real world', they'd get their asses whipped due to
lack of 'warranties of merchantibility and fitness for a
particular purpose'. Would you buy a car alarm that left
your doors unlocked? If you did, and the vendor didn't
make this clear, and sold it as a security enhancement,
you'd sue his ass off.
Unfortunately, in the software world, these stupid limited
warranties mean that you've got absolutely no ground to
stand on.
Annoyed,
Kenn
- Next message: Chuck Wolber: "Re: [RHSA-2000:048-02] Updated mailx and perl packages are now available."
- Previous message: Andreas Hasenack: "Re: [RHSA-2000:047-03] New umb-scheme packages are available."
- In reply to: Mayers, Philip J: "Re: Escalation of privileges"
- Next in thread: Nicolas Rachinsky: "Re: Escalation of privileges"
- Reply: Kenn Humborg: "Re: Escalation of privileges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]