Ralf Muschall wrote:
>
> Mark Gordon wrote:
>
> > recommending people change it so that it can only be run by root.
>
> How much will this help?
> If you receive an evil scene, you either run it with the suid
> version, or you su manually and run it as root. In both cases,
> the same harm will be done.
>
> The only difference is to avoid attacks by the user himself,
> which is hard anyway if he has physical access to the machine.
>
> Ralf

The real risk is that someone should get access to a user account on
your machine and use this exploit to parlay it into root access.
Similarly, if there are several users on your machine, one such user
could potentially use this to gain root access.
If you're the only person who uses your machine, and you're not worried
about possible remote exploits, it's not such a big deal.
-Mark Gordon