From: Hartmut Goebel
Subject: Re: Add murmur.
Date: Sun, 12 Feb 2017 18:01:04 +0100
Message-ID: <05c09e9a-eda3-d41e-b02c-b7d52ba1a5c5@crazy-compilers.com>
To: guix-devel@gnu.org

On 12.02.2017 at 15:37, David Craven wrote:

> I think that it is a minor
> issue at best, since anything that isn't accessible over the network or running
> with any sort of privileges is not very useful.

I strongly disagree! Every piece of software available on the system may
help the intruder.

The server may not be running so it cannot be attacked in the first
place. But if an intruder gains (unprivileged) access to the system, he
might be able to start that server software. Then he might use it for
privilege escalation (if the server software is vulnerable), as a
back-channel or for attacking further systems.

> This hypothetical attacker is trying to escalate privileges. I don't
> see how starting an unprivileged process would help with that.

Well, simply by exploiting a bug in that software. This is a quite
common case :-)

--
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |