Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based- buffer overrun PoC Zeroday

From: Yves-Alexis Perez <corsac@debian.org>
To: oss-security@lists.openwall.com
Cc: Kurt Seifried <kseifried@redhat.com>,king cope <isowarez.isowarez.isowarez@googlemail.com>,full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com,todd@packetstormsecurity.org,submit@offsec.com,Mitre CVE assign department <cve-assign@mitre.org>,Steven Christey <coley@mitre.org>,security@mariadb.org,security@mysql.com,Ritwik Ghoshal <ritwik.ghoshal@oracle.com>,moderators@osvdb.org
Subject: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based- buffer overrun PoC Zeroday
Date:


On Sun, 2012-12-02 at 21:17 +0100, king cope wrote:
> My opinion is that the FILE to admin privilege elevation should be patched.
> What is the reason to have FILE and ADMIN privileges separated when
> with this exploit FILE privileges equate to ALL ADMIN privileges?

Maybe because you might not want admins to have read/write access to the
filesystem anyway?

Regards,
-- 
Yves-Alexis



