[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian or Linux 7???



On Tue, Feb 20, 2001 at 10:00:36AM +0100, Johan Segernas wrote:
> 
> And I dont think your security-problem is in the kernel?
> And if; use kernel 2.4.1 and debian and everything should be fine.

the kernel rarely if ever has security problems that are remotely
exploitable, but there are local vulnerabities that pop up.  2.2
kernels before 2.2.16 had a root exploit through pretty much any suid
root binary.  2.2.18 and and 2.4.[01] have a ptrace race which allows
suid executables to be ptraced (probable root exploit) and a arbitrary
memory read by unprivileged users through sysctl().  this is fixed in
2.2.19pre9 and presumably 2.4.2pre4.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp0xxakR7ndc.pgp
Description: PGP signature


Reply to: