Message269489
Unless you can show that it's loaded after the installer elevates, I'm not concerned. "User can run arbitrary code as themselves" is not a security vulnerability. (Hint: when the bundle elevates, it copies the exe to a new directory and runs it from there to avoid this issue.)
I'll leave this open for a few days in case of more comments. |
|
Date |
User |
Action |
Args |
2016-06-29 13:35:21 | steve.dower | set | recipients:
+ steve.dower, paul.moore, tim.golden, zach.ware, eryksun, chrullrich, anandbhat |
2016-06-29 13:35:21 | steve.dower | set | messageid: <1467207321.11.0.414510319834.issue27410@psf.upfronthosting.co.za> |
2016-06-29 13:35:21 | steve.dower | link | issue27410 messages |
2016-06-29 13:35:20 | steve.dower | create | |
|