Re: libsafe and Debian installation

To: debian-devel@lists.debian.org
Subject: Re: libsafe and Debian installation
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 23 Apr 2002 17:20:13 -0500
Message-id: <[🔎] 20020423172012.A18978@debian.org>
Mail-followup-to: Colin Watson <cjwatson@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20020423153300.GA338@celeron.dekkers>; from jeroen@dekkers.cx on Tue, Apr 23, 2002 at 05:33:00PM +0200
References: <[🔎] 1019497040.5148.43.camel@zaphod> <[🔎] 20020422174856.GA12094@x8b4e50c5.dhcp.okstate.edu> <[🔎] 1019498582.5147.50.camel@zaphod> <[🔎] 20020422212040.GA563@celeron.dekkers> <[🔎] 1019511102.6584.98.camel@zaphod> <[🔎] 20020422214903.GA789@celeron.dekkers> <[🔎] 1019514377.915.137.camel@laptop2.internal.licquia.org> <[🔎] 20020423124457.GA873@celeron.dekkers> <[🔎] 1019573276.1023.64.camel@laptop2.internal.licquia.org> <[🔎] 20020423153300.GA338@celeron.dekkers>

On Tue, Apr 23, 2002 at 05:33:00PM +0200, Jeroen Dekkers wrote:
> If you don't give any permissions to some code running, it can't be a
> security problem if there are bugs.

Not true. If I crack your FTP server and subvert it into serving content
it wasn't intended to serve, then that's a security breach. Whether I
managed to gain root privileges too is a separate issue.

Thinking that privilege elevation is the only kind of security breach is
dangerous, as it lulls programmers into complacency.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: libsafe and Debian installation
  - From: Jeroen Dekkers <jeroen@dekkers.cx>

References:
- Re: libsafe and Debian installation
  - From: Shaya Potter <spotter@cs.columbia.edu>
- Re: libsafe and Debian installation
  - From: David Starner <starner@okstate.edu>
- Re: libsafe and Debian installation
  - From: Shaya Potter <spotter@cs.columbia.edu>
- Re: libsafe and Debian installation
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: libsafe and Debian installation
  - From: Shaya Potter <spotter@cs.columbia.edu>
- Re: libsafe and Debian installation
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: libsafe and Debian installation
  - From: Jeff Licquia <licquia@debian.org>
- Re: libsafe and Debian installation
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: libsafe and Debian installation
  - From: Jeff Licquia <licquia@debian.org>
- Re: libsafe and Debian installation
  - From: Jeroen Dekkers <jeroen@dekkers.cx>

Prev by Date: Re: 0.01-6 > 0.1-3 ?????
Next by Date: Re: QPL (was Re: C++ ... )
Previous by thread: Re: libsafe and Debian installation
Next by thread: Re: libsafe and Debian installation
Index(es):
- Date
- Thread