From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
To: 9fans@cse.psu.edu
Subject: Re: [9fans] security
From: erik quanstrom
Date: Sat, 27 Oct 2007 15:18:44 -0400
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: dbba5cfa-ead2-11e9-9d60-3106f5b1d025

> How about forking off a server process that lets me execute arbitrary
> commands as you?
>
> How about placing trojan processes in your person bin directory?
>
> How about subtly corrupting all of the writable data in your filesystem?
>
> How about setting up a spam bot on your machine? Using your machine as
> part of a distributed denial-of-service attack against some other
> networked machines?
>
> How about replacing your compiler with one that introduces errors
> nondeterministically? Changing your acme to occasionally not save your
> data?
>
> If you sit down and think of it for a little bit you'll notice this is
> just the tip of the iceberg. There are lots of irritating things that can
> happen even without setuid or a super user.

clearly, you're not getting an account on my machine.

- erik