On Thu, 2005-12-01 at 00:06 +0800, John Summerfied wrote:
>>I had some difficulty accessing material outside of /var/www
as user
>>Apache, on WBEL.
>
> Maybe exploiting the hypothetical kernel bug doesn't require access to
> anything particular in the filesystem...
It's pretty hard to do anything local without access to the local
filesystem:-)
User apache does have access to the local filesystem, just not outside
the jail. However, file access helps but isn't necessarily required to
exploit bugs in the kernel. There are plenty of callable kernel routines
that have nothing to do with file i/o.
Cheers
Steffen.