Re: BUG FOUND: Re: Potentially serious problem with kernel-headers...

[Raul Miller <rdm@test.legislate.com>]

Monty <xiphmont@mit.edu> wrote:
> Well, I grovelled through the 4M of patches twixt 2.0.33 and 2.0.34.
> I found the problem killing cdparanoia.
>
> The hd_driveid struct in linux/include/linux/hdreg.h got bigger.
> Calling the HDIO_GET_IDENTITY ioctl() (a published interface to the
> ide subsystem) will cause a 2.0.33 or before application to trash its
> data segment/stack under 2.0.34.  If the application is built against
> 2.0.34 (and more importantly the 2.0.34 headers), the ioctl is safe
> under 2.0.33.

I forwarded that entire message to Alan Cox, here's what he had to
say:

   Ick. That one got missed. We are now 2.1 compliant, but its bad that 2.1
   grew it without changing the ioctl magic number.

   Thats a screwup.

and

   I can understand that worry. SuSE and Red Hat are it seems both happily
   going to 2.0.35. Also note 2.0.35 fixes several critical bugs which
   you should patch even if you stay at .34

   o       The IP routing cache change fixes crashes
   o       The SIGIO fix is serious and important to security
   o       The /proc fix is a less obvious security fix
   o       The quota fix is sort of a security fix (see bugtraq)

   The IDE stuff fixes the LS120 drives panicing

   and so on. So there are good reasons to consider what you ship
   carefully

...

   I've been through the changes again. I can't find another other API
   breakages outside of the intentional minor ones in the amateur radio
   layer, which since the old code was plain crud and only obscure config
   tools break was considered a good move.


I believe someone mentioned that we've got a fix in place for the SIGIO
problem.  How about the others?

-- 
Raul


--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org