On Tue, Feb 20, 2001 at 10:00:36AM +0100, Johan Segernas wrote: > > And I dont think your security-problem is in the kernel? > And if; use kernel 2.4.1 and debian and everything should be fine. the kernel rarely if ever has security problems that are remotely exploitable, but there are local vulnerabities that pop up. 2.2 kernels before 2.2.16 had a root exploit through pretty much any suid root binary. 2.2.18 and and 2.4.[01] have a ptrace race which allows suid executables to be ptraced (probable root exploit) and a arbitrary memory read by unprivileged users through sysctl(). this is fixed in 2.2.19pre9 and presumably 2.4.2pre4. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpZgeqLpBCrK.pgp
Description: PGP signature