Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: Brian K. (codesamurai_at_mac.com)
Date: 05/19/05
- Previous message: Martin Pitt: "[Full-disclosure] [USN-130-1] TIFF library vulnerability"
- In reply to: Brian K.: "Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability"
- Next in thread: Brian Phillips: "[Full-disclosure] Ports used by trogens"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 May 2005 11:07:43 -0400 To: full-disclosure@lists.grok.org.uk
> The issue is *any* application shouldn't have the ability to gain
> administrative control (by waiting for sudo [intended for something
> else] to be done).
Self correction/elaboration note: Sorry, that was a tad terse to the
point of being incomplete. It was intended to be framed in the
context of what was already discussed in this thread. (i.e.
something else doing the sudo intended for its own purposes, etc.,
all of which everyone is already well aware of.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Martin Pitt: "[Full-disclosure] [USN-130-1] TIFF library vulnerability"
- In reply to: Brian K.: "Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability"
- Next in thread: Brian Phillips: "[Full-disclosure] Ports used by trogens"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
