[16162] in bugtraq
Re: Escalation of privileges
daemon@ATHENA.MIT.EDU (Kenn Humborg)
Wed Aug  9 18:37:05 2000
Message-Id:  <NBBBIGEGHIGMPCNKHCECIEJADLAA.kenn@bluetree.ie>
Date:         Tue, 8 Aug 2000 19:38:40 +0100
Reply-To: Kenn Humborg <kenn@BLUETREE.IE>
From: Kenn Humborg <kenn@BLUETREE.IE>
X-To:         "Mayers, Philip J" <p.mayers@IC.AC.UK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <0846B011B9A4D111A1EE006097DA4FCE02F81592@icex1.cc.ic.ac.uk>

> Hmm... Interesting, but needs an idiot admin to exploit.

I beg to differ.  I don't have the time to minutely examine
every file that every app installs.  I think it is reasonable
to expect reputable companies (such as Symantec) to ship
their apps in a secure state.

In the 'real world', they'd get their asses whipped due to
lack of 'warranties of merchantability and fitness for a
particular purpose'.  Would you buy a car alarm that left
your doors unlocked?  If you did, and the vendor didn't
make this clear, and sold it as a security enhancement,
you'd sue his ass off.

Unfortunately, in the software world, these stupid limited
warranties mean that you've got absolutely no ground to
stand on.

Annoyed,
Kenn