Re: Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Subject: Re: Backport of the integer overflow in the brk system call
From: Andrew Pollock <debian-lists@andrew.net.au>
Date: Wed, 3 Dec 2003 09:20:21 +1000
Message-id: <[🔎] 20031202232021.GA32333@daedalus.andrew.net.au>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk> <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org>

On Tue, Dec 02, 2003 at 10:08:03AM +0100, Andreas Metzler wrote:
> 
> Apparently nobody knew it was comparable to ptrace, it looked like a
> simple bugfix and not like a local root exploit.
> 

What bugs the hell out of me is that people with nothing better to do with
their time can sit on the lkml and watch what's getting fixed, and put more
analysis into individual fixes than the kernel maintainers themselves can,
and cook up an exploit for what all and sundry previously believed to be
reasonably benign.

I love the bazaar development model, but I see this as a serious flaw with
it...

Andrew

Reply to:

Follow-Ups:
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

Prev by Date: Re: Revival of the signed debs discussion
Next by Date: Re: [custom] The term "flavor" and encouraging work on Debian
Previous by thread: Re: Backport of the integer overflow in the brk system call
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread