If the task would have been to find general security risks this would have counted. I mean, he did some serious harm, but he was able to find a security issue.
I think there is kind of an assumption that the scenario is “outside host gains privileged access” so there’s not really a security issue with some attacker deleting root on their own box.
If the task would have been to find general security risks this would have counted. I mean, he did some serious harm, but he was able to find a security issue.
I think there is kind of an assumption that the scenario is “outside host gains privileged access” so there’s not really a security issue with some attacker deleting root on their own box.
If it has been done properly you’re right. If this also affected the host machine it is a security issue.
They did but it might have been a good idea to prove that the command works instead of actually doing it.