On Tue, 19 Jan 2016 20:46:00 +0000, Rainer wrote in message <87d1sxguwn....@doppelsaurus.mobileactivedefense.com>:
> k...@aspodata.se writes: > > Arnt Gulbrandsen: > >> By now, the concept of unprivileged local users is a little > >> obsolete anyway. > > > > Yes, unless you let your kids or some guests use your computer. > > How many of your "kids and guests" even know what a kernel is, let > alone how to exploit a bug in one? ..systemd? ;oD > >> Today, hosts generally serve only one unix user, there > >> generally is only one local user of one host, and that local user > >> is the user that owns everything valuable. So is the a real point > >> to local-user-to-root exploits? I suppose there is, but it is much > >> smaller than it was ten or twenty years ago. > > > > The problem is not the local user == the owner, instead it is an > > unknown breaking in as a local user and then gaining root powers. > > That's not going to be terribly difficult on a system I use as > accounts I'm using usually can get root via sudo without entering a > password. ..why did Debian kill ssh into localhost? Is su or sudo safer than ssh nowadays? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
