On Sat, Apr 10, 2004 at 09:19:00PM +0200, LeVA wrote: > I am just curious, that if my proftpd runs as user 'ftp', than the one > who uses this vulnerability could only run arbitrary code as user ftp, > or as root?
Only as ftp. But there have been a number of locally exploitable kernel vulnerabilities fairly recently, and an attacker could use one of these to obtain root access once they had shell access as a non-root user. Are you running a safe kernel? noah
pgpaRqHpKmix6.pgp
Description: PGP signature
