[2369] in Release_7.7_team
Re: Linux/Athena security updates
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 31 15:49:56 2000
Message-Id: <200007311949.PAA06540@egyptian-gods.MIT.EDU>
To: tb@MIT.EDU (Thomas Bushnell, BSG)
Cc: release-team@MIT.EDU
In-Reply-To: Your message of "Mon, 31 Jul 2000 15:42:50 EDT."
<200007311942.PAA32749@alice-whacker.mit.edu>
Date: Mon, 31 Jul 2000 15:49:45 -0400
From: Greg Hudson <ghudson@MIT.EDU>
> kernel:
> A security bug involving setuid programs is fixed in
> this kernel.
So, I picked up kernel 2.2.14-12 and put it in 8.4.8. I didn't pick
up 2.2.16-3, which is listed as fixing the bug, because that wouldn't
necessarily work with the AFS we have. Since 2.2.14-12 came out in
April, it looks like we don't have this fix (contrary to what I said
in some release notes) and can't necessarily get it safely. Oops.
> emacs:
> With emacs < 20.7, unprivileged local users can eavesdrop the
> communication between Emacs and its subprocesses.
Since we have 20.3 in the Athena release, I'd be interested in a
source code patch for this one.