On Wed, 2015-11-18 at 21:45 +0000, Ian Malone wrote:
Not really getting this. For any configuration task where you
replace
editing a root owned text file with access through some authorised
gui, that gui is still vulnerable.
That gui's code, unlike emacs, doesn't allow you to write arbitrary
data to arbitrary files. I can feed arbitrary input events to an emacs
window and have it modify any file the process could modify. It's a
lot harder to get, say, virt-manager to write arbitrary data to
arbitrary places.
- ajax