[1960] in linux-security and linux-alert archive
[linux-security] Re: Serious Linux 2.0.34 security problem (fwd)
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Jul 6 02:18:38 1998
Date: Sun, 5 Jul 1998 23:40:15 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
Reply-To: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Linux mailing list user <linux@windows95.sucks.eu.org>
cc: Annex <annex@thing.annexgrp.org>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980705114733.220A-100000@k6.bero>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Sun, 5 Jul 1998, Linux mailing list user wrote:
> > The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
> > is approximately 139.
>
> A much simpler fix is to update to a 2.0.35preX kernel (X>=3).
Actually, this is such a trivial bug to fix, that for many it probably
makes more sense to edit fs/fcntl.c and recompile rather than suject
themselves to the latest pre-release kernel...unless they like testing
pre-releases.
Just out of curiosity...word of this broke in linux-kernel and bugtraq in
the last days of June. Were the linux-security moderators away on
holiday, or do they live in a time zone several days behind the rest of
the world?
[mod: Moderators have other stuff to do besides keeping an eye on
linux-security. I've actually been pretty busy lately: I currently
have three clients shouting that they want stuff done NOW. Anyway, I
still try to find the time to moderate linux-security once a day.
But this doesn't have anything to do with what you mention: I don't go
and find stuff on Linux-kernel and forward it here. I let someone else
do that. So if you see something on another mailing list, and think
its relevant, go ahead and forward it.
Regards,
Roger Wolff
Your Moderator. ]
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null