[2371] in Release_7.7_team
Re: Linux/Athena security updates
daemon@ATHENA.MIT.EDU (Thomas Bushnell, BSG)
Tue Aug 1 12:49:04 2000
To: Greg Hudson <ghudson@MIT.EDU>
Cc: release-team@MIT.EDU
From: tb@MIT.EDU (Thomas Bushnell, BSG)
Date: 01 Aug 2000 12:48:58 -0400
In-Reply-To: Greg Hudson's message of "Mon, 31 Jul 2000 15:49:45 -0400"
Message-ID: <u1hhf95nczp.fsf@kempis.mit.edu>
Greg Hudson <ghudson@MIT.EDU> writes:
> > kernel:
> > A security bug involving setuid programs is fixed in
> > this kernel.
>
> So, I picked up kernel 2.2.14-12 and put it in 8.4.8. I didn't pick
> up 2.2.16-3, which is listed as fixing the bug, because that wouldn't
> necessarily work with the AFS we have. Since 2.2.14-12 came out in
> April, it looks like we don't have this fix (contrary to what I said
> in some release notes) and can't necessarily get it safely. Oops.
Oh, for some reason I brainoed on the matter of AFS.
I think the best thing to do is to try the new kernel with the old
module and see if it goes swimmingly. And to poke Transarc hard and
ask for a new module.
> > emacs:
> > With emacs < 20.7, unprivileged local users can eavesdrop the
> > communication between Emacs and its subprocesses.
>
> Since we have 20.3 in the Athena release, I'd be interested in a
> source code patch for this one.
Ok, I'll work on getting you one.
