

Heroku sending out e-mails to all app owners regarding Rails vulnerability - jtchang
http://blog.heroku.com/archives/2013/1/11/rails_security_vulnerability/?

======
jtchang
So Heroku runs multiple apps on one box. I assume they are using Linux and
each app is under a different user account.

However, if any of those apps are vulnerable, doesn't it mean the attacker has
access to the box as a user? From there it is just a local privilege
escalation (which are pretty common) and you have access to everyone else's
apps, right?

