Hacker News

consp today at 8:38 AM

> viewing data is a fundamental failure of the principle of least privilege.

I read the CWE, not the CVE; was wrong. It's still early in the morning...


Replies

seritools today at 8:46 AM

You are mistaken:

> The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user.

mwalser today at 8:49 AM

> If I read it correctly (but could be mistaken), it runs with setuid root

I am certain you are mistaken. I couldn't find anything that hints at Notepad running with elevated privileges.
