On 03/26/2008 04:51 AM, C.T.F. Jansen wrote:
Regarding the root compromise in Debian 4.0R1, DSA 1491-1,
relating to vserver and vmsplice. Can one disable this feature or not
enable it, without breaking the kernel or anything else ?
Is it possible for remote programs, say a website that one is browsing
compromise or otherwise use it to degrade the system in some way ?
Thanks in advance.
Surely you're not talking about this:
But instead you meant to discuss this:
Debian seem to have backported the fix to their
version of Linux 2.6. If you have security.debian.org in your
sources.list and you've updated, you should be safe.
I can't directly answer your question however.