On Tue, 2005-11-29 at 14:13 +0800, John Summerfied wrote: > If there's a kernel update fixing a security problem only exploitable > with local access, and I control the only account with local access, > then I don't need it. Are you sure? If there's a bug in httpd that allows an attacker to run code as user apache, then the kernel bug may become quite useful to get root. Why run with a known vulnerability, just because one isn't smart enough to think of an attack vector? Defense in depth... Cheers Steffen.
Attachment:
signature.asc
Description: This is a digitally signed message part