AndyC said:longzheng said:*snip*
I agree. Which is why I recommend avoiding describing the issue in terms of words like vulnerability, because it muddies the issue.
I'm referring to the system of low-level, medium-level, adminstrative (high) level application as process privileges. Do you believe those are security boundaries?
If so, and if they can be violated, shouldn't the flaw be classified as a vulnerability?