Описание
[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| sysvinit | unfixed | package |
Примечания
hardly a security issue, if an attacker has local access to the machine and you
don't use encryption or something similar you have lost anyway
- this ^ philosophy is flawed; it should not be trivial to get root just because you
have local access to the machine. it is worth it to make it as difficult as
possible without impacting authorized users. otherwise, why spend so much effort
to make sure xscreensaver, gdm, and login are rock solid?
- i would like to track as low, rather than unimportant