
Re: Affected by "Dirty COW" vulnerability?


danmero wrote:

elgo wrote:

eejimm wrote:

What he means is this is a privilege escalation attack - someone already logged into the machine as a non-root user can (if done right) get root privileges. But they already have to be logged in. Not generally an issue with routers and the like...

Jim


Please bear in mind that this router is running multiple daemons listening on the network, each one potentially having its own flaws and being the first step for firing this escalation. Suffice to say most ERLs still have the PHP web interface enabled...

If you run the ps command you will see that all daemons run under the same account (not standard Linux practice), "the set account name" having GID/UID = 0, aka "root".

 


I see your point, and I agree.

For the record still, some daemons on EdgeOS don't run as root, and yes, privilege separation, blahblah, do want. Heil to OpenBSD anyway.
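The question running through this thread is which account each network-facing daemon runs under: a local privilege escalation such as Dirty COW changes the outcome only for listeners that run unprivileged, since a compromised UID 0 daemon already has root. The following is an added example, not part of the original posts and not EdgeOS code, that joins `ps -eo pid,uid,comm` output with `netstat -tlnp` output to show this per listener. The function names are hypothetical, and the process names, PIDs, UIDs and ports are constructed sample data that do not describe a real EdgeRouter.

```shell
#!/bin/sh
# Added example: classify TCP listeners by the UID their process runs as.
# Constructed sample data; on a live Linux system capture the real thing with
#   ps -eo pid,uid,comm > ps.txt ; netstat -tlnp > net.txt   (netstat run as root)

sample_ps() {        # constructed `ps -eo pid,uid,comm` output
cat <<'EOF'
  PID   UID COMMAND
  412     0 sshd
  530     0 lighttpd
  533    33 php-cgi
  601   104 dnsmasq
EOF
}

sample_netstat() {   # constructed `netstat -tlnp` output
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 412/sshd
tcp        0      0 0.0.0.0:443     0.0.0.0:*       LISTEN 530/lighttpd
tcp        0      0 127.0.0.1:9000  0.0.0.0:*       LISTEN 533/php-cgi
tcp        0      0 0.0.0.0:53      0.0.0.0:*       LISTEN 601/dnsmasq
EOF
}

classify_listeners() {   # $1 = ps output file, $2 = netstat output file
    awk '
        NR == FNR { if ($1 ~ /^[0-9]+$/) uid[$1] = $2; next }  # file 1: PID -> UID
        $6 == "LISTEN" {
            split($7, p, "/")             # "412/sshd" -> p[1]=PID, p[2]=name
            if (!(p[1] in uid)) next      # owner unknown ("-") or process gone
            kind = (uid[p[1]] == 0) ? "root" : "unprivileged"
            print p[2], $4, "uid=" uid[p[1]], kind
        }
    ' "$1" "$2"
}

run_sample() {           # run the classifier over the constructed samples
    tmp=$(mktemp -d) || return 1
    sample_ps > "$tmp/ps"; sample_netstat > "$tmp/net"
    classify_listeners "$tmp/ps" "$tmp/net"
    rm -rf "$tmp"
}

run_sample
```

Listeners reported as `unprivileged` are the ones whose privilege separation depends on the kernel being patched; listeners reported as `root` are candidates for running under a dedicated account.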

