vulnerability of Linux
Steffen Kluge
kluge at fujitsu.com.au
Thu Dec 1 03:46:19 UTC 2005
On Thu, 2005-12-01 at 00:06 +0800, John Summerfied wrote:
> >>I had some difficulty accessing material outside of /var/www as user
> >>Apache, on WBEL.
> >
> > Maybe exploiting the hypothetical kernel bug doesn't require access to
> > anything particular in the filesystem...
>
> It's pretty hard to do anything local without access to the local
> filesystem:-)
User apache does have access to the local filesystem, just not outside
the jail. However, file access helps but isn't necessarily required to
exploit bugs in the kernel. There are plenty of callable kernel routines
that have nothing to do with file i/o.
Cheers
Steffen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20051201/3b126f76/attachment-0001.sig>
More information about the fedora-list
mailing list