On Tue, Sep 28, 1999 at 12:01:16PM +1000, Herbert Xu wrote:
> On Mon, Sep 27, 1999 at 05:30:51PM -0700, Joey Hess wrote:
> > >
> > > Actually, it should be critical if it's a root exploit. Grave only includes
> > > those that only comprise the user's account.
> >
> > Last I checked, root is a user. This is not a formal definition we're
> > working from, please use common sense. (Note: grave is a _higher_ priority
> > than critical. Note also: root exploits tend to turn into user account
> > exploits as soon as the attacker wants them to.)
>
> Root may be a user, but he is a special one at that :) root has privileges
> that no other users have. If a user account was compromised, the attacker
> is only able to perform tasks that user was allowed to, however, if the
> root account is compromised, then that implies the compromise of all user
> accounts on that machine, and things like using privileged ports, or
> doing port IO, etc.

I think that any user account exploit is critical -> maybe it's a sudoers, not.
However, grave is for exploits such as external access to private files
without however giving login access to the machine.

>
> Also, AFAIK, critical is listed above grave (and important and others) in
> all the relevant docos that I've seen.

That's what I read also.

> --
> Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
> Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

--
------------------------------------------------------------------------
Fabien Ninoles Chevalier servant de la Dame Catherine des Rosiers
aka Corbeau aka le Veneur Gris
Debian GNU/Linux maintainer
E-mail: [EMAIL PROTECTED]
WebPage: http://www.tzone.org/~fabien
RSA PGP KEY [E3723845]: 1C C1 4F A6 EE E5 4D 99 4F 80 2D 2D 1F 85 C1 70
------------------------------------------------------------------------