-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-08-30 16:53, pinguin74 wrote:
Am 29.08.2014 16:50, schrieb Carlos E. R.:
Well, I think one thing you can learn from attacks is, that attackers always abuse things you never expected they could be abused at all... Thus, disable, delete, remove everything not necessarily needed...
They can easily read the profiles from internet, or their own installation. They are published.
Maybe an attacker could read the profiles and then attack another app that seems to him to be secured in a less strict way? I´d like to avoid that by setting profiles to 640 or 600.
It is your system :-) But the attacker can simply probe applications till it/he finds one that gives him access. It is slower than reading the profiles directly, but no big issue to them, if they are interested. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQB6J0ACgkQtTMYHG2NR9XWQgCffjVF49DG/M5SccJ+2CfUGGr0 UyAAnjGBk8aU9ftmjCR63b4oXxfnoapw =UsAO -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org