On Wednesday, March 21, 2007 02:53:50 PM -0400 Jason Edgecombe <[EMAIL PROTECTED]> wrote:
Ok, so local access is required for OPENAFS-SA-2007-001 to be exploited?
No, but it's a lot easier. Without local access, you not only need to convince the client that some file you can write to is suid; you also have to convince someone/something that _does_ have local access to run it.
Can a non-root user exploit it?
This is a privilege escalation on the client. By definition, only a non-root user can exploit it; root users are already privileged.
-- Jeff _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
