On Thu, Oct 03, 2002 at 05:36:39AM +0200, Peter Mueller wrote: > reducing root-run code from 27000 to 2500 lines is the important part. who > cares how many holes there are when it is in /var/empty/sshd chroot with no > possibility of root :) Not really. You are still a user on the system so you can use that machine as a relay to an intranet or to perform trust relationship attacks. You may also be able to steal sshd's private keys as an aid to a mitm attack. I care about that :) -- Filipe Almeida <filipeat_private>
This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 11:43:46 PDT