05-27-2012, 11:31 AM   #10
knc1
Embedded Cheerleader
Posts: 5,774
Karma: 5722276
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by ixtab
@eureka: Great job!

As this is a HUGE security issue, I expect this to be fixed with the next Firmware release. I'd bet my money that Amazon starts fixing this as soon as they read this thread.

Or just stop running the browser (and nearly everything else) as 'root'.

One "common" practice is to make the browser suid and the user id as "nobody" (with "nobody" not having any privileges of any kind).

Not sure if the Kindles have such a user already set up, but somebody with time on their hands might check this out for us.
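The mitigation suggested in the post above, as an added example (not part of the original post, and not Kindle or Amazon code): a small launcher, assumed to start as root, that switches to the "nobody" account and verifies the switch cannot be undone before it executes the program. The function name `drop_to_user` is hypothetical, and the existence of a "nobody" account on the device is an assumption the post leaves open.

```c
#define _DEFAULT_SOURCE 1   /* declares setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch the calling process to `user`.
 * Returns 0 on success and -1 on any failure; on -1 the caller
 * must refuse to continue rather than run with leftover privileges. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                   /* no such account, or it is root */

    /* Order matters: group changes need root, so do them before setuid. */
    if (setgroups(0, NULL) != 0)     /* clear supplementary groups */
        return -1;
    if (setgid(pw->pw_gid) != 0)     /* as root: real, effective, saved gid */
        return -1;
    if (setuid(pw->pw_uid) != 0)     /* as root: real, effective, saved uid */
        return -1;

    /* Verify the drop is irreversible: regaining root must now fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (drop_to_user("nobody") != 0) {
        fprintf(stderr, "privilege drop failed, refusing to start %s\n", argv[1]);
        return 1;
    }
    execvp(argv[1], &argv[1]);       /* execvp returns only on failure */
    perror("execvp");
    return 1;
}
```

The launched program inherits the unprivileged identity across `execvp`, so a compromise of it no longer yields root directly.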