On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote:
I want to chime in here also, I too was unhappy that I did not know about a local root exploit in 2.4.22 until the Debian machines were compromised in this manner. I think a lot of people were in the same boat (not to mention the debian folks). I watch kerneltrap, kernel traffic, and slashdot fairly regularly for these purposes, and I did not see anything of this sort come through, otherwise I would have patched immediately (which is what I did last night when I received the information).
What do you want? It was a mistake. It happens. Deal with it. If people had realized it was an exploit it would have been dealt withdifferently.
Mike Stone