Hacker News new | past | comments | ask | show | jobs | submit login

Another attack vector: An administrator deliberately creates a user starting with a 0, for example if they chose to name it after a system they are using (e.g. www.0xproject.com).

They assume that the program is running as a user with limited privileges. Then, an exploit gets found in that program, and now instead of an attacker gaining user-level access, they now have root-level access.

By far the most worrying part of the issue for me was that the developers said "oh it's not a bug" and just closed the issue, without properly thinking through the implications of the behaviour (such as the other attack vectors mentioned here). That's gross negligence.




I agree finding a bug is part of the development lifecycle. Having the developer just close the bug and claim its not an issue is the worrisome part. When the next bug is found there is less reason to report it.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: