>> I think perhaps my point wasn't made clearly. The firewall can only be as
>> good as the OS on which it exists. If your firewall is an application
>> on top of an OS, I can break the firewall by breaking the OS.
>i never heard of any breakin possible because of a kernel bug.
>may be i'm wrong, may be it's possible, but i cannot imagine.
The context here seems to be ``break in using only the net'', and thus
the following example may be deemed disallowable, but the last statement
immediately brings to my mind the symbolic-link-to-suid-shell-script bug.