On Mon, Sep 27, 1999 at 05:30:51PM -0700, Joey Hess wrote: > > > > Actually, it should be critical if it's a root exploit. Grave only includes > > those that only comprise the user's account. > > Last I checked, root is a user. This is not a formal definition we're > working from, please use common sense. (Note: grave is a _higher_ priotity > than critical. Note also: root exploits tend to turn into user account > exploits as soon as the attacker wants them to.)
Root may be a user, but he is a special one at that :) root has privileges that no other users have. If a user account was compromised, the attacker is only able to perform tasks that user was allowed to, however, if the root account is compromised, then that implies the compromise of all user accounts on that machine, and things like using privileged ports, or doing port IO, etc. Also, AFAIK, critical is listed above grave (and important and others) in all the relevant docos that I've seen. -- Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
