> Let's say you are running two machines - a Linux box running Apache and a > Windows box running IIS. Apache runs as an unprivileged user while IIS > runs as root. Now, let's say an exploit comes out on the same day for > both Apache and IIS, both allowing a full shell access onto the box.
It gets worse. Under the new version of IIS that's just getting ready to come out, IIS doesn't just run as a system service, it is actually being made part of the Windows Server kernel! This means that if somebody manages to hack IIS, they are immediately acting as part of the OS. <shudder> Ben -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
