Re: Add murmur.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Add murmur.

From:	pelzflorian (Florian Pelz)
Subject:	Re: Add murmur.
Date:	Sun, 12 Feb 2017 18:42:42 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0

On 02/12/2017 06:01 PM, Hartmut Goebel wrote:
> Am 12.02.2017 um 15:37 schrieb David Craven:
>> I think that it is a minor
>> issue at best, since anything that isn't accessible over the network or 
>> running
>> with any sort of privileges is not very useful.
> 
> I strongly disagree!
> 
> Every piece of software available on the system may the intruder. The
> server may not be running so it can not be attacked in the first place.
> But if an intruder gains (unprivileged) access to the system, he might
> be able to start that server software. Then he might use it for
> privilege escalation (if the server software is vulnerable), as a
> back-channel or for attacking further systems.
> 

An attacker with enough privileges to run Murmur has enough privileges
to install Murmur anyway (perhaps but not necessarily by using Guix). Do
I misunderstand?

Regards,
Florian

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Add murmur., (continued)

Prev by Date: Re: Fixing non-reproducibility in some guile packages
Next by Date: Re: Add murmur.
Previous by thread: Re: Add murmur.
Next by thread: Re: Add murmur.
Index(es):
- Date
- Thread