Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
Quoting Adam ENDRODI (email@example.com):
> Just a humble question: how the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk should have
> known about the bug? The changelog read ``Add TASK_SIZE check to
> do_brk()'', there's no indication that it's a security fix.
> I'm really curious how you cope with it.
Oh, it gets worse than that. In this case, at least Andrew Morton
noticed the memory-management bug (September), and Marcelo sent in a
patch (2003-10-02). Sure, nobody (except a black hat) realised the
security implications, but at least a patch existed. You also have to
worry about bugs that _only_ black hats have discovered and that they've
figured out how to exploit.
That's part of why klecker, murphy, and gluck were running AIDE. Also,
sysadmins were alert enough to notice master and murphy showing
suspiciously similar kernel-oops symptoms.
So, there you have two of the ways that people cope: (1) Attentive
sysadmins, and (2) well-configured and monitored IDSes.
 Not to mention use of security tokens stolen from compromised
See also Wichert's very canny list of recommendations at the bottom of
Cheers, find / -user your -name base -print | xargs chown us:us