If an adversary can get user access, they are generally also able to get root access (via social engineering or a local vulnerability). They'd also be able to read the memory of the web browser, or file contents. This is because on an average desktop, all the programs running as the same user have read/write access to each other.
On mobile OSes, capabilities are enabled by default. Even Symbian already had them. OpenBSD utilizes pledge to minimize impact.
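The same-user point above can be seen with ordinary file permissions. This is an added example, not part of the original text; the file name and contents are constructed, and it assumes a Unix-like desktop with Python 3.

```python
import json
import os
import stat
import subprocess
import sys
import tempfile

# Child program: stands in for any other program the same user runs.
READER = (
    "import json, os, sys\n"
    "print(json.dumps({'uid': os.getuid(), 'data': open(sys.argv[1]).read()}))\n"
)


def same_user_read_demo():
    """Write an owner-only file, then read it from a separate process."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "cookies.txt")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.fchmod(fd, 0o600)  # owner-only, independent of the umask
        with os.fdopen(fd, "w") as handle:
            handle.write("session=constructed-sample-value")
        info = os.stat(path)
        # The permission check is keyed on the UID, not on which program asks.
        child = subprocess.run(
            [sys.executable, "-c", READER, path],
            capture_output=True, text=True, check=True,
        )
        result = json.loads(child.stdout)
        return {
            "mode": stat.S_IMODE(info.st_mode),
            "owner_uid": info.st_uid,
            "reader_uid": result["uid"],
            "reader_saw": result["data"],
        }


if __name__ == "__main__":
    print(same_user_read_demo())
```

Mode 0600 keeps other users out, but the second process runs under the same UID and reads the file without any extra privilege. Per-application capabilities and pledge restrict the program itself rather than the user account.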