View Single Post
Old 05-27-2012, 12:31 PM   #10
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,002
Karma: 6359394
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by ixtab View Post
@eureka: Great job!

As this is a HUGE security issue, I expect this to be fixed with the next Firmware release. I'd bet my money that Amazon starts fixing this as soon as they read this thread.
Or just stop running the browser (and nearly everything else) as 'root'.

One "common" practice is to make the browser suid and the user id as "nobody" (with "nobody" not having any privledges of any kind).

Not sure if the Kindle's have such a user already setup, but somebody with time on their hands might check this out for us.
knc1 is offline   Reply With Quote