If the attacker just provides a file system that contains setuid shells or unsec... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tinus_hn on May 2, 2017 | parent | context | favorite | on: Intel's Remote AMT Vulnerability

If the attacker just provides a file system that contains setuid shells or unsecured device files, that's not really a bug and not remotely exploitable. But it's still a vulnerability.

jabl on May 3, 2017 [–]

Hopefully filesystems mounted by normal users will have nosuid,nodev enforced (whoever is responsible for this these days, policykit??). Please tell me I'm correct...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact