
Re: Backport of the integer overflow in the brk system call



On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
> On Wed, Dec 03, 2003 at 11:17:19AM +1100, Russell Coker wrote:

> 
> The only way to have avoided this kernel vulnerability from day-0 of
> discovery/fix release would have been to be constantly upgrading to
> pre-release kernels.
> 
> I'm starting to sound like I'm trolling for closed-source development models
> or something, which is not the case,

Smartcards would have avoided the Debian compromise: merely having a 
compromised DD box would have prevented the bad guy from getting on the box.

It's all about layers of defense.

I think the DD's should seriously think about requiring smartcards.  It 
would have prevented the proximate cause of our recent troubles.


