On Wed, Nov 18, 2009 at 7:36 PM, Jeff Garzik <jgarzik at pobox.com> wrote: > And it ignores that remote exploits are now much easier, because remote > non-root exploit + package install == remote root exploit. No, the uid needs to have logged in through a physical console.