>This is an example. If the attacker found and exploited a zero day >vulnerability >in SSH, he would be root, and would need no password for `su -`. I thought that >much was clear.
If, indeed, he exploited a bit of ssh which runs as root as a (large) part of it does not. (There are two daemons for each connection: one running as the user with the user's privileges, the other running as root to perform authentication chores but not much else) Casper _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org