Isaac writes: > And then, due to the kernel bug, the user can write into arbitrary > location in the kernel, do whatever he wants.
It's rather more complicated than that. The user reportedly must do some pretty subtle stuff to get root via the brk() bug. That's why the kernel developers thought it was just an ordinary bug: they could see no way to exploit it. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
