Re: howcome there's no DSA for the latest Linux ptrace hole?

To: "Tom Goulet (UID0)" <uid0@em.ca>
Cc: debian-security@lists.debian.org
Subject: Re: howcome there's no DSA for the latest Linux ptrace hole?
From: Guille -bisho- <bisho@eurielec.etsit.upm.es>
Date: Fri, 21 Mar 2003 03:54:53 +0100
Message-id: <[🔎] 20030321025453.GA14943@eurielec.etsit.upm.es>
In-reply-to: <[🔎] 20030320225012.GM1014@nova.vor.em.ca>
References: <[🔎] 20030320225012.GM1014@nova.vor.em.ca>

>Howcome I don't see a Debian security advisory about the recently-found
>ptrace hole in Linux?
>
>Is it not really a hole?  Or something?
>
>I think there should be an announcement even if the Debian kernels are
>not vulnerable, to explain that they're not.
>
>Are the Debian kernels vulnerable to this hole?

At least the 2.4.19 is vulnerable.

A quick patch is to put a invalid binary on /proc/sys/kernel/modprobe
instead of the real modprobe binary, and then you have time to compile
out your kernel without having to run... :)

-- 
bisho!  _        -=] 21/03/2003 [=-
    _ ^(   )       _
   (  (   )  )     \ \___,,,
  (        )        / _____ >-
    ( :: )       >==-
  '. |::| ,  >==-
    \\:://  [ PACE, NOT WAR ]

Reply to:

Follow-Ups:
- Re: howcome there's no DSA for the latest Linux ptrace hole?
  - From: Alexander Neumann <alexander@bumpern.de>

References:
- howcome there's no DSA for the latest Linux ptrace hole?
  - From: "Tom Goulet (UID0)" <uid0@em.ca>

Prev by Date: Is this an obsolete tiger file?
Next by Date: Re: looking for a good source to start learning about kerberos (thanx)
Previous by thread: Re: howcome there's no DSA for the latest Linux ptrace hole?
Next by thread: Re: howcome there's no DSA for the latest Linux ptrace hole?
Index(es):
- Date
- Thread