[svlug] Restricting privileges
newmans at sonic.net
Wed Jan 14 18:56:25 PST 2015
Aside from whether this particular bug is a red herring, interest in apparmor had been expressed to
me previously so I wanted to share my research. I also wanted to show how to run a GUI process as a
different user transparently.
To wildly speculate, perhaps the reports are intentionally vague so that exploits are less likely to
be developed until end users have had a chance to update.
On 01/14/2015 06:39 PM, Jesse Monroy wrote:
> first thank you for bringing this to everyone's attention, but
> personally I see a Red Herring.
> If there is evidence to the contrary, please enlighten me. Otherwise,
> this is what I see:
> I followed the link provided. It links back to Mozilla.org
> The description is generic and not helpful. It ends in a very vague:
> and we presume that with enough effort at least some of these could be
> exploited to run arbitrary code.
> It has four reference links. Two (2) go to the mitre.og, Two (2) go to Bugzilla.
> The Mitre descriptions are generic in nature, and they link back the
> nist.org, then that page links to the same Bugzilla links in the
> previous page. So the links to mitre.org are completely useless and
> devoid of an real information.
> If I follow the Bugzilla links I get "Zarro Boogs found." (Yes, humor
> from the bugzilla people)
> So after all this deferencing of links I just do direct search.
> NOW it says:
> You are not authorized to access bug #1111737. To see this bug, you
> must first log in to an account with the appropriate permissions.
> So perhaps you'll see my annoyance.
More information about the svlug