On Thu, Jan 22, 2009 at 2:12 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > Richard Hughes wrote: >> Sure, but my point if that GTK code is untrusted, and just not designed >> to be run with elevated privileges. A buffer-overflow is an easy exploit >> if the code is running as uid 0, whether running as setuid or as root. > > Why would you overflow a buffer on your own machine where you're already > root? It makes sense to attack a setuid binary on a machine you're not root > on, but it doesn't make sense to attack your own machine. Really? In that case I invite you to visit my website evil.com and click on a few links. Better still, log into my friendly server and run a few of my apps. They're running on my machine, not yours. Of course the GUI runs on your machine via X11 ... poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
