On 03/26/2008 04:51 AM, C.T.F. Jansen wrote:
Greetings, Regarding the root compromise in Debian 4.0R1, DSA 1491-1, relating to vserver and vmsplice. Can one disable this feature or not enable it, without breaking the kernel or anything else ? Is it possible for remote programs, say a website that one is browsing with javascript turned on [shudder], to do the vserver/vmsplice root compromise or otherwise use it to degrade the system in some way ? Thanks in advance.frank.jansen@actrix.gen.nz, ZL2TTS
Surely you're not talking about this: http://www.debian.org/security/2008/dsa-1491 But instead you meant to discuss this: http://www.debian.org/security/2008/dsa-1494 Debian seem to have backported the fix to theirversion of Linux 2.6. If you have security.debian.org in your sources.list and you've updated, you should be safe.
I can't directly answer your question however.