[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

On Tue, 02 Dec 2003, Michael Stone wrote:

> On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote:
> >I want to chime in here also, I too was unhappy that I did not know
> >about a local root exploit in 2.4.22 until the Debian machines were
> >compromised in this manner. I think a lot of people were in the same
> >boat (not to mention the debian folks). I watch kerneltrap, kernel
> >traffic, and slashdot fairly regularly for these purposes, and I did
> >not see anything of this sort come through, otherwise I would have
> >patched immediately (which is what I did last night when I received
> >the information).
> 
> What do you want? It was a mistake. It happens. Deal with it. If people
> had realized it was an exploit it would have been dealt with
> differently. 

I was lead to believe that it was a known exploit in the kernel, based
on what you say above I may be wrong. If so, then I would definately
change my tune. I dont expect people to announce security holes if
they don't know about them.

micah
Reply to: