Yes it's still not a good thing for sometime to have a shell with no priv's but someone asked "better how?", I'm pretty sure if most admins had a choice between an attacker having root access or an attacker having a chrooted shell with no privs they would choose the latter. Seeing as how there isn't a patch yet for the bug, it's this or nothing. -Greg
> >Theo de Raadt said in a post to Bugtraq the exploit won't work on sshd with > >privilege seperation enabled, however even if it did work it'd be better to > >have an attacker get a chrooted shell with no privs instead of root access > >to the entire system. > > > In which case you just need a local exploit to go with your remote exploit. > > makes it harder but not impossible. > -- ------SupplyEdge------- Greg Hunt 800-733-3380 x 107 [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
