From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hartmut Goebel Subject: Re: Add murmur. Date: Tue, 14 Feb 2017 11:13:32 +0100 Message-ID: <58A2D84C.30404@crazy-compilers.com> References: <20170209182030.ngn2dsdfbzsmymdj@wasp> <87efz7asit.fsf@gnu.org> <20170210213959.on6psfta6jcbjv2b@wasp> <877f4x1zle.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170210221536.iv5rktzx43b6xddv@wasp> <87wpcw3iks.fsf@gnu.org> <20170211143934.oo5loexp4pbpovpk@wasp> <87y3xbwmvi.fsf@gnu.org> <20170212135319.4exfnaq3oov3p6de@wasp> <20170212140234.xno3tzpzgvndirt3@wasp> <05c09e9a-eda3-d41e-b02c-b7d52ba1a5c5@crazy-compilers.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:60735) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cda7A-0002pS-Ni for guix-devel@gnu.org; Tue, 14 Feb 2017 05:13:41 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cda76-0003vE-IW for guix-devel@gnu.org; Tue, 14 Feb 2017 05:13:40 -0500 Received: from mail-out.m-online.net ([212.18.0.10]:49756) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cda76-0003uP-CA for guix-devel@gnu.org; Tue, 14 Feb 2017 05:13:36 -0500 In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: David Craven Cc: guix-devel Am 12.02.2017 um 18:54 schrieb David Craven: > If an attacker already has the privileges required to start the software > I don't think it's possible to gain any more privileges unless that software > has the setuid bit set. You are right. I implicitly made some assumptions like setuid bit set. Nevertheless each additional piece of software already available eases the attack since less work and less skills are required. -- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible |