Re: Backport of the integer overflow in the brk system call
On Tue, Dec 02, 2003 at 10:08:03AM +0100, Andreas Metzler wrote:
> Apparently nobody knew it was comparable to ptrace, it looked like a
> simple bugfix and not like a local root exploit.

Well, I just downloaded 2.4.23 from kernel.org and installed it.
[obGrumble] I never got hit by any of the Microsoft exploits either but
I hated the upgrade treadmill [end]. Of course this is the 1st one in
Linux for me and I'm willing to give y'all the benefit of the doubt 10
or 11 times :-)

Was this problem a deviation from well-established security practices or
is it a new thing? Could somebody explain it in a nutshell?