Comment 10 for bug 1813365
Revision history for this message
| Zygmunt Krynicki (zyga) wrote Re: Local privilege escalation in default Ubuntu installations | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Hey Chris! We are very grateful for such a fantastic and responsible disclosure.
As for your question, AFAIR the problem was encapsulation.
In golang, everything that is capitalised is a public interface and can be accessed from other packages (roughly directories translate to packages). Anything that is not capitalised is private and can be only accessed from the package it belongs to.
The standard golang abstraction around UNIX sockets simply doesn't expose the peer credentials directly so we had to hack around in a way that would still be compatible with the rest of the standard library.