Package Manager Denies Permission to Install
Kevin Kofler
kevin.kofler at chello.at
Wed Jan 21 18:42:12 UTC 2009
Richard Hughes wrote:
> Sure, but my point if that GTK code is untrusted, and just not designed
> to be run with elevated privileges. A buffer-overflow is an easy exploit
> if the code is running as uid 0, whether running as setuid or as root.
Why would you overflow a buffer on your own machine where you're already
root? It makes sense to attack a setuid binary on a machine you're not root
on, but it doesn't make sense to attack your own machine.
Kevin Kofler
More information about the fedora-list
mailing list