oss-sec mailing list archives

Re: USBCreator D-Bus service

From: Solar Designer <solar () openwall com>
Date: Thu, 23 Apr 2015 05:49:47 +0300

On Wed, Apr 22, 2015 at 05:50:35PM -0700, Tavis Ormandy wrote:

On Wednesday, April 22, 2015, Seth Arnold <seth.arnold () canonical com> wrote:

We treat local root escalation vulnerabilities with a high priority[1].


I wish you had spoken up during the previous discussion. It was my
impression that embargoes for local privilege escalations were universally
considered deprecated.


I think Kurt's comment (in the linux-distros discussion) on not needing
further vulnerability reports embargoed applied solely to ABRT.

I can see how this can appear as extending to any local root issues, for
users who have ABRT installed and enabled.

Kurt might want to clarify this.

Alexander

Current thread:

Re: USBCreator D-Bus service, (continued)
- Re: USBCreator D-Bus service Solar Designer (Apr 22)
  - Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
    - Re: USBCreator D-Bus service Solar Designer (Apr 22)
    - Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
  - Re: USBCreator D-Bus service Seth Arnold (Apr 22)
    - Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
    - Re: Re: USBCreator D-Bus service Seth Arnold (Apr 22)
    - Re: Re: USBCreator D-Bus service Marc Deslauriers (Apr 22)
    - Re: Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
    - Re: Re: USBCreator D-Bus service Kurt Seifried (Apr 22)
    - Re: USBCreator D-Bus service Solar Designer (Apr 22)
    - Re: USBCreator D-Bus service Kurt Seifried (Apr 22)
    - Re: USBCreator D-Bus service Grandma Eubanks (Apr 24)
- Re: USBCreator D-Bus service cve-assign (May 03)