[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: vmsplice bug, javascript vulnerable ?

On Wed, Mar 26, 2008 at 09:51:25PM +1200, C.T.F. Jansen wrote:
> Greetings,
>         Regarding the root compromise in Debian 4.0R1, DSA 1491-1,
> relating to vserver and vmsplice. Can one disable this feature or not
> enable it, without breaking the kernel or anything else ?
> Is it possible for remote programs, say a website that one is browsing
> with javascript turned on [shudder], to do the vserver/vmsplice root
> compromise or otherwise use it to degrade the system in some way ?
> Thanks in advance.

Why not just upgrade the kernel?  Don't think that by disabling
vserver/vmsplice you'll elimiate all bugs from the kernel.  They're
there, they just haven't been found or fixed yet.  As great as Debian
is, it is still Linux.


Reply to: