by hackuser 3384 days ago
Much appreciated; thanks.

I'd add one more item to the difficult-to-avoid vulnerabilities: file and file system metadata. Otherwise a simple directory listing, for a user or a background program, requires authentication.

My guess is that vulnerabilities like that, including the user access hole that you describe so well, are the reason that modern OSes (e.g., on phones) isolate most data so that it is accessible only to certain applications, usually the app that created the data, instead of the old model of all applications having access to (almost) all data. Even if for practical reasons the application needs almost unlimited access to the data, at least you can limit the attack surface to only that app and parts of the OS.