| brent timothy saner on 15 Mar 2018 13:44:56 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] text editor priv escalation |
On 03/15/2018 04:35 PM, Walt Mankowski wrote: > This is why I use ed(1), the standard text editor. > > On Thu, Mar 15, 2018 at 09:53:32AM -0400, jeff wrote: >> https://www.securityweek.com/hackers-can-abuse-text-editors-privilege-escalation >> >> For an attack to work, the attacker needs to somehow hijack a legitimate >> user account that has regular privileges, which can be achieved through >> phishing, social engineering and other methods. In the case of a malicious >> insider, the vulnerability found by SafeBreach can be useful for executing >> code with elevated privileges if their permissions have been restricted by >> the system administrator to certain files and commands. >> obligatory: https://xkcd.com/378/ https://xkcd.com/1341/ https://xkcd.com/1823/
Attachment:
signature.asc
Description: OpenPGP digital signature
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug