Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The distinction is moot. A remote exploit that gets you local execution combined with a local to root gets you remote to root, and game over.


Feels like a few years ago, posts about a local privilege escalation would be shouted down with "It doesn't matter, if someone has access to your machine, it's game over man". And remote code execution in a non-privileged context would be shouted down with "so what, it can't run as root". Glad to see people are finally connecting the dots.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: