[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??

Isaac writes:
> And then, due to the kernel bug, the user can write into arbitrary
> location in the kernel, do whatever he wants.

It's rather more complicated than that.  The user reportedly must do some
pretty subtle stuff to get root via the brk() bug.  That's why the kernel
developers thought it was just an ordinary bug: they could see no way to
exploit it.
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to: