Quote:
Originally Posted by ixtab
@eureka: Great job!
As this is a HUGE security issue, I expect this to be fixed with the next Firmware release. I'd bet my money that Amazon starts fixing this as soon as they read this thread.
|
Or just stop running the browser (and nearly everything else) as 'root'.
One "common" practice is to make the browser suid and the user id as "nobody" (with "nobody" not having any privledges of any kind).
Not sure if the Kindle's have such a user already setup, but somebody with time on their hands might check this out for us.