On Tue, 20 Apr 2010, Waseem Daher wrote: > Well, hang on, there's really a defense-in-depth argument to be made here.
Exactly. > Combine that with the relative frequency of kernel privilege > escalation vulnerabilities (a few privilege escalation vulnerabilities > get found ~monthly in the Linux kernel), and things become a bit more > concerning. Exactly. remote non-root exploit + local root exploit = remote root exploit. This isn't theoretical. Attackers used combined vectors like this to break-in to systems all the time. Bottom line: kernel vulnerabilities matter even if they are local. Rob -- Email: [email protected] IRC: Solver Web: http://www.practicalsysadmin.com Open Source: The revolution that silently changed the world _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
