
Re: Backport of the integer overflow in the brk system call



On Tue, Dec 02, 2003 at 10:08:03AM +0100, Andreas Metzler wrote:
> 
> Apparently nobody knew it was comparable to ptrace, it looked like a
> simple bugfix and not like a local root exploit.
> 

Well, I just downloaded 2.4.23 from kernel.org and installed it.

[obGrumble] I never got hit by any of the Microsoft exploits either but 
I hated the upgrade treadmill [end].  Of course this is the 1st one in 
Linux for me and I'm willing to give y'all the benefit of the doubt 10 
or 11 times :-)

Was this problem a deviation from well-established security practices or 
is it a new thing?  Could somebody explain it in a nutshell?


