On 19 November 2015 at 15:31, Adam Jackson <ajax(a)redhat.com> wrote:
On Wed, 2015-11-18 at 21:45 +0000, Ian Malone wrote:
> Not really getting this. For any configuration task where you replace
> editing a root owned text file with access through some authorised
> gui, that gui is still vulnerable.
That gui's code, unlike emacs, doesn't allow you to write arbitrary
data to arbitrary files. I can feed arbitrary input events to an emacs
window and have it modify any file the process could modify. It's a
lot harder to get, say, virt-manager to write arbitrary data to
Harder, but you still have the permissions that the application has,
whatever route it may be using to modify those files. Emacs (for
example) while you are using it does not just access arbitrary files
under normal operation unless instructed, an attacker needs to subvert
it somehow. There are differences of course, but if an application has
rights that allow it access to things then someone taking control of
it can access them too.