Re: Backport of the integer overflow in the brk system call
Frederik Dannemare wrote:
just curious: any particular reason why we didn't see a backport any
sooner of the integer overflow in the brk system call (see recent
announcement by Wichert Akkerman:
like we did with the ptrace issue some time back?
Wasn't it (the brk vuln) considered to be threatening enough to justify
a quick fix, or was it because the fix by Andrew Morton didn't say
(kernel changelog) enough about the potential seriousness of the vuln, or?
forgot to say: hats off to the forensics guys. great work! I really
appreciate that we now know what helped the attacker gain root.