I’m going to go out on a limb here and say I’m not sure any local root exploit can qualify as severe. As we increasingly move to single user machines, the distinction between the sole user account and root diminishes.
It depends on your perspective. In the pre-Internet PC model the security boundary is around the machine and all data in the machine is accessible to all code running on the machine. Then in the 90s we started hooking PCs up to networks in big numbers and the security boundary was drawn around the LAN in a lot of environments. Expanding that to make all PCs trust everything else on the Internet hasn’t worked out super well. Now we’re seeing the sandboxed code model take hold in which the boundaries shrink again and software is expected to only have the rights the user granted it. Running third party code on your hardware doesn’t imply granting access to all of your data, just what you explicitly hand to the app. It’s basically the incremental reincarnation of compartmented mode workstations and in that model local privilege escalation is a big deal.
I’m going to go out on a limb here and say I’m not sure any local root exploit can qualify as severe. As we increasingly move to single user machines, the distinction between the sole user account and root diminishes.
It depends on your perspective. In the pre-Internet PC model the security boundary is around the machine and all data in the machine is accessible to all code running on the machine. Then in the 90s we started hooking PCs up to networks in big numbers and the security boundary was drawn around the LAN in a lot of environments. Expanding that to make all PCs trust everything else on the Internet hasn’t worked out super well. Now we’re seeing the sandboxed code model take hold in which the boundaries shrink again and software is expected to only have the rights the user granted it. Running third party code on your hardware doesn’t imply granting access to all of your data, just what you explicitly hand to the app. It’s basically the incremental reincarnation of compartmented mode workstations and in that model local privilege escalation is a big deal.