This video summarizes the less key themes
from the lessons. The first one on
the first slide is that privilege is
not only setuid or setgid ideas. It's not only when
privileges are escalated, it's also when a privileged user
runs the program. When anyone runs it, the program
runs with their rights. If a sysadmin or
superuser runs it, it runs with
very high privileges. The second thing is
the definition of an attack. As I said the security policy defines what security means. So, an attack is
simply something that tries to violate
the site security policy. If it succeeds,
the attack is successful. But if there's no violation,
the attack fails.