AndyC said:
longzheng said:
*snip*

I agree. Which is why I recommend avoiding describing the issue in terms of words like vulnerability, because it muddies the issue.

I'm referring to the system of low-level, medium-level, adminstrative (high) level application as process privileges. Do you believe those are security boundaries?

If so, and if they can be violated, shouldn't the flaw be classified as a vulnerability?