Bug#524373: marked as done (linux-2.6: /dev/mem rootkit vulnerability)

To: Steve Langasek <vorlon@debian.org>
Subject: Bug#524373: marked as done (linux-2.6: /dev/mem rootkit vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 16 Apr 2009 16:42:06 +0000
Message-id: <[🔎] handler.524373.D524373.123989990419224.ackdone@bugs.debian.org>
References: <20090416163650.GA28674@dario.dodds.net> <[🔎] 20090416115505.448e97bb.michael.s.gilbert@gmail.com>

Your message dated Thu, 16 Apr 2009 09:36:50 -0700
with message-id <20090416163650.GA28674@dario.dodds.net>
and subject line Re: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
has caused the Debian Bug report #524373,
regarding linux-2.6: /dev/mem rootkit vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
524373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524373
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org

Subject: linux-2.6: /dev/mem rootkit vulnerability

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Thu, 16 Apr 2009 11:55:05 -0400

Message-id: <[🔎] 20090416115505.448e97bb.michael.s.gilbert@gmail.com>
package: linux-2.6
severity: grave
tags: security

as seen in recent articles and discussions, the linux kernel is
currently vulnerable to rootkit attacks via the /dev/mem device.  one
article [1] mentions that there is an existing patch for the problem,
but does not link to it.  perhaps this fix can be found in the kernel
mailing lists.

[1]
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216500687
--- End Message ---

--- Begin Message ---

To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 524373-done@bugs.debian.org

Subject: Re: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability

From: Steve Langasek <vorlon@debian.org>

Date: Thu, 16 Apr 2009 09:36:50 -0700

Message-id: <20090416163650.GA28674@dario.dodds.net>

In-reply-to: <[🔎] 20090416115505.448e97bb.michael.s.gilbert@gmail.com>

References: <[🔎] 20090416115505.448e97bb.michael.s.gilbert@gmail.com>
On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote:
> package: linux-2.6
> severity: grave
> tags: security

> as seen in recent articles and discussions, the linux kernel is
> currently vulnerable to rootkit attacks via the /dev/mem device.  one
> article [1] mentions that there is an existing patch for the problem,
> but does not link to it.  perhaps this fix can be found in the kernel
> mailing lists.

There is no security bug here.  /dev/mem functions as designed.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
--- End Message ---

Reply to:

References:
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Next by Date: Bug#524199: test build
Previous by thread: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Next by thread: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Index(es):
- Date
- Thread