sudo disappears after latest update
Patrick O'Callaghan
pocallaghan at gmail.com
Wed Feb 10 21:45:27 UTC 2016
On Wed, 2016-02-10 at 10:53 -0700, jd1008 wrote:
>
> On 02/10/2016 10:27 AM, Patrick O'Callaghan wrote:
> > On Wed, 2016-02-10 at 10:17 -0700, jd1008 wrote:
> > > A malefic website can and does user JS to fork out processes that
> > > can
> > > sudo whatever they want.
> > Are you sure? If so, please give a reference.
> >
> > poc
> Some years ago, the reference came directly from google website
> analysis
> (obtained via the noscript add-on).
> to paraphrase what I read then (as I am sorry I did not keep that
> link),
> stated
> .... it installs malware without the user's knowledge or permission
> ....
>
> I will strive to locate that analysis and share it with th list.
>
> Unless of course, it has been sanitized or removed - because google
> re-analyzes websites
> once every 90 days.
I suspect you're thinking of a bug in some earlier version of JS (or
Java). Normally these things are supposed to run in a sandbox precisely
to prevent this. That's probably the main reason Google has just
announced they'll be blocking Flash content in the near future, as it's
notorious for this kind of problem.
poc
More information about the users
mailing list