Re: vmsplice bug, javascript vulnerable ?

To: debian-user@lists.debian.org
Subject: Re: vmsplice bug, javascript vulnerable ?
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Wed, 26 Mar 2008 11:03:22 -0400
Message-id: <[🔎] 20080326150322.GC6091@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 47EA1C9D.4050401@actrix.gen.nz>
References: <[🔎] 47EA1C9D.4050401@actrix.gen.nz>

On Wed, Mar 26, 2008 at 09:51:25PM +1200, C.T.F. Jansen wrote:
> Greetings,
>         Regarding the root compromise in Debian 4.0R1, DSA 1491-1,
> relating to vserver and vmsplice. Can one disable this feature or not
> enable it, without breaking the kernel or anything else ?
> Is it possible for remote programs, say a website that one is browsing
> with javascript turned on [shudder], to do the vserver/vmsplice root
> compromise or otherwise use it to degrade the system in some way ?
> Thanks in advance.

Why not just upgrade the kernel?  Don't think that by disabling
vserver/vmsplice you'll elimiate all bugs from the kernel.  They're
there, they just haven't been found or fixed yet.  As great as Debian
is, it is still Linux.

Doug.

Reply to:

References:
- vmsplice bug, javascript vulnerable ?
  - From: "C.T.F. Jansen" <frank.jansen@actrix.gen.nz>

Prev by Date: Re: curious -anyone else seeing this?
Next by Date: Re: Debian is losing its users
Previous by thread: Re: vmsplice bug, javascript vulnerable ?
Next by thread: Debian is losing its users
Index(es):
- Date
- Thread