[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Strange change to the DSA-222 web page

Josip Rodin said:
> On Thu, Jan 09, 2003 at 12:18:23PM +0100, Gerfried Fuchs wrote:
> > > What's the rationale for this change?
> > > 
> > > -target user.  This can lead to gaining privileged access to the 'lp'
> > > +target user.  This can lead to gaining unprivileged access to the 'lp'
> > > 
> > > If I only can gain unprivileged access, there's no security hole, right?
> > 
> >  Uh, you gain unprivileged access _to the lp account_ but are not
> > privileged to gain it.  If you would gain privileged access to an
> > account there shouldn't be any harm, should it :)
> > 
> >  Or am I thinking in the wrong direction?
> 
> "This can lead to gaining unauthorized access to the 'lp'"

Or maybe "... to an unauthorized escalation of local privileges to ..."

The "gaining unprivileged access" is grammatically correct IMO, but it
is misleading.

Andrew.

-- 
Andrew Shugg <andrew@neep.com.au>                   http://www.neep.com.au/

"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there?  Well I'd like to meet him.  I could do with a good laugh."
Reply to: