[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:
> On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
> > On Wed, Dec 03, 2003 at 11:17:19AM +1100, Russell Coker wrote:
> > 
> > The only way to have avoided this kernel vulnerability from day-0 of
> > discovery/fix release would have been to be constantly upgrading to
> > pre-release kernels.
> > 
> > I'm starting to sound like I'm trolling for closed-source development models
> > or something, which is not the case,
> Smartcards would have avoided the Debian compromise: merely having a 
> compromised DD box would have prevented bad guy from getting on the box.

Perhaps. But smartcards have a significant problem in a project such as

Are you going to pay for all those smartcards plus their readers?
Including any smartcards for possible future DD's?

If not, I suggest we forget about this, as it won't be feasible.

Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.

Attachment: signature.asc
Description: Digital signature

Reply to: