[1960] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Serious Linux 2.0.34 security problem (fwd)

daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Jul 6 02:18:38 1998

Date: Sun, 5 Jul 1998 23:40:15 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
Reply-To: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Linux mailing list user <linux@windows95.sucks.eu.org>
cc: Annex <annex@thing.annexgrp.org>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980705114733.220A-100000@k6.bero>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Sun, 5 Jul 1998, Linux mailing list user wrote:

> > The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
> > is approximately 139.
> 
> A much simpler fix is to update to a 2.0.35preX kernel (X>=3).

Actually, this is such a trivial bug to fix, that for many it probably
makes more sense to edit fs/fcntl.c and recompile rather than suject
themselves to the latest pre-release kernel...unless they like testing
pre-releases.

Just out of curiosity...word of this broke in linux-kernel and bugtraq in
the last days of June.  Were the linux-security moderators away on
holiday, or do they live in a time zone several days behind the rest of
the world?

[mod: Moderators have other stuff to do besides keeping an eye on
linux-security. I've actually been pretty busy lately: I currently
have three clients shouting that they want stuff done NOW. Anyway, I
still try to find the time to moderate linux-security once a day. 

But this doesn't have anything to do with what you mention: I don't go
and find stuff on Linux-kernel and forward it here. I let someone else
do that. So if you see something on another mailing list, and think
its relevant, go ahead and forward it.

Regards,

Roger Wolff 
Your Moderator. ]



------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Spammers will be winnuked or 
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post