El 8/9/23 a les 11:59, Marc ha escrit:
Since when does a hacked website gain root? What argument is next, when your storage solution is hacked they have access to your files? Are you not working with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley considering root access gained.
Apart from this privilege escalation is a real threat: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=privilege+escalation
This link is crap, did you even read a few items on this page? Put then a link to the apache httpd root access.
Fact still remains that nobody here on this list has eternal life nor eternal resources, so you would be stupid to focus on your webserver root access exploit instead of roundcube.
Next to that, it is more common these days to use containers so there is not even a webserver that runs root.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
If roundcube/dovecot is in discussion, we can't assume the rest of environment i secure and well-configured: Webserver, Kernel, DB server, etc. Then we need to work on good measures to not rely on "everything will be optimal because everybody did a good job".
And we can't assume Rouncube is perfect, same as Dovecot. Give time to time.
--
I'm using this express-made address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors.