Re: libsafe and Debian installation
On Tue, Apr 23, 2002 at 05:33:00PM +0200, Jeroen Dekkers wrote:
> If you don't give any permissions to some code running, it can't be a
> security problem if there are bugs.
Not true. If I crack your FTP server and subvert it into serving content
it wasn't intended to serve, then that's a security breach. Whether I
managed to gain root privileges too is a separate issue.
Thinking that privilege elevation is the only kind of security breach is
dangerous, as it lulls programmers into complacency.
--
Colin Watson [cjwatson@flatline.org.uk]
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: