-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 26 Dec 2003 12:23:31 -0800 Raymond Morsman <[EMAIL PROTECTED]> wrote: >Yes it is. But there's no privilege elevations available. So what >good will this do? Hi Raymond This will not do anything good. However, little explanation for You: not only vulns in setuid/setgid applications are danger. Imagine vulnerability in your favourite mp3 player, in .mp3 file parsing code. Somebody gives you .mp3 file, you run it, and BAM! owned!. This is similar situation. Best regards Winnie The Pooh Hacking Squadron -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj/spoMACgkQYE4zNxPdkhMEdgCfcWUtMarIeiKmnHY3sWHNO2Hk4qQA mQGgFVQ1cIZbYaKqi4mN4nQ3X5uA =V3H6 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
