On 2006-05-03, Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> Yes, it's true, but just as in the recent (x)Ubuntu 5.x case, this was
>> *immediately* patched and could only ever be exploited only by a local user.
>> Compare that to Windows where Administrator password recovery is rather
>> trivial, given physical access to the machine. SuSE and even Palm O/S have
>> similar workarounds, so merely none makes the exception.
> So, you compare a remotely exploitable hole with a physical securiyt breach
> (which you can do just as easily on Linux). Nice.
While I agree physical access obviates nearly all security regimes, you
are equivocating massively here.
> What? Remotely exploitable? Yes. It's true that the X server has to be
> running on the local machine, but if YOU are running X locally, then
> someone remotely can exploit you in conjunction with some other flaw that
> allows arbitrary code as the lcoal user.
So, it's a "remotely exploitable" flaw in the sense that it's "a local
flaw that can be exploited remotely if and only if someone uses some
*other* remotely exploitable flaw first"?
> This is why even local root exploits are dangerous, even though people like
> yourself try to play them down as irrelevant.
No one's saying they are "irrelevant", and the speed with which this
was patched indicates how seriously they are taken. But they simply are
not as bad as remotely-exploitable holes, and pretending that they are
is thoroughly dishonest.
"Blended threats" that chain vulnerabilities are rare in practice. They
are vastly outnumbered by exploits that target a single flaw. Exploiting
a single flaw can be complex; the complexity goes up at least
expoentially and potentially combinatorially when you start chaining
Ray Ingles (313) 227-2317
Isn't the phrase "ruler of the free world" an oxymoron?