Re: Backport of the integer overflow in the brk system call

Henning Makholm wrote:
Scripsit Tom <tb.31123.nospam@comcast.net>
On Tue, Dec 02, 2003 at 11:06:44PM +0800, Isaac To wrote:

rather far from changing anything in the kernel memory.  Andreas is
definitely right that the hole doesn't look like it is that dangerous.

If it wasn't a big deal we wouldn't be talking about it. It shut down servers. It's dangerous enough.

What Isaac said was that he understands why the kernel developer who
originally fixed the bug did not realize that it was security

OK, this is sort of what I was after. I suspected this was the case, since nothing else would make much sense. I'm just glad the exploit was discovered, and I think the way the whole situation was handled from day one was very professional.

Frederik Dannemare

