--NMuMz9nt05w80d4+ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 14, 2004 at 03:18:15PM -0400, Randy Abernathy wrote: >=20 > I thought the whole idea of a virus was that you did NOT need ANY permis= sion > to run it but it worked it way into your system. Right. If a virus gets onto your system, even if running as a normal user, it is usually easy to find a local exploit that affects the current kernel. That way, getting root is a two step process, but not really that difficult as long as you can get the user to run your code somehow. Now, Windows used to have many more gateways to "Administrator" from an unprivileged account due to its design priorities of ease-of-use over security, and probably still does. But history shows that Unix is not nearly as invulnerable to local privilege escalation as we would like. --=20 Ryan Underwood, -- http://www.piclist.com hint: To leave the PICList mailto:piclist-unsubscribe-request@mitvma.mit.edu --NMuMz9nt05w80d4+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA9agWIonHnh+67jkRAseQAJ92zG/GhQmJ/nS35SZ03nAJNQXLdgCgs4yb ir6WKqb3MUB6TsX5UcsTevY= =3XUS -----END PGP SIGNATURE----- --NMuMz9nt05w80d4+--