On Tue, Sep 21, 2004 at 03:11:49AM +0400, Solar Designer wrote: > On Sat, Sep 18, 2004 at 09:57:19PM +0200, Michal Zalewski wrote: > > Exposure: > > > > Remote root compromise through buffer handling flaws > > FWIW, some (two?) distributions have privsep'ed telnetd by now, where > the immediate impact of this flaw (if it were present there) would be > code execution as pseudo-user "telnetd" chrooted to /var/empty. (*) Debian's telnetd runs as user telnetd, though it does not chroot to /var/empty. -- - mdz
