Update Securing a server, authored by LaplongeJunior
......@@ -11,10 +11,10 @@ Threats against a rented service server:
Threat 0 : Exploit requirements
0a) "X active user" is assumed *always* fulfilled, as this requirement is expected to evolve under normal conditions
0b) "minimum N registered users" is assumed fulfilled besides exceptional circumstances, as a server is meant to provide more and more services over its lifetime
0c) "in the same LAN" is assumed always blocking, as an inter-LAN exploit assumes another machine got breached first
0d) "specific X version" can be easily blocked forever, as local libraries will always allow some kind of root elevation
0a) "X active user" is assumed *always* fulfilled for an intruder and never for the admin, as this requirement is expected to evolve under normal conditions
0b) "in the same LAN" is assumed always blocking, as an inter-LAN exploit assumes another machine got breached first
0c) "specific X version" can be easily set forever, as local libraries will always allow some kind of root elevation
0d) "registered users/ports" is assumed increasing over time by default, as a server is meant to provide more and more services over its lifetime. such requirement should be clearly documented
Threat 1 : Root access
1a) Any service can allow to log or lock root with the good vulnerability
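Review bot: In the rewritten 0c ("specific X version"), "can be easily set forever" replaces the earlier "blocked forever" but keeps the same justification ("local libraries will always allow some kind of root elevation"), so it is no longer clear whether this requirement is assumed met or unmet. Say who pins the version and which way the assumption goes. The rewritten 0a has a similar gap: the "for an intruder and never for the admin" split is not explained by the unchanged "expected to evolve under normal conditions" rationale. Items 0b to 0d are also reordered, so any reference to those labels elsewhere in the page needs checking. In 0d, "such requirement should be clearly documented" should start with a capital letter and say where it is to be documented.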
......
......