[22741] in bugtraq
Re: [RHSA-2001:110-05] Insecure setserial initscript
daemon@ATHENA.MIT.EDU (Greg Woods)
Wed Sep 26 17:37:34 2001
Message-Id: <200109261918.NAA07041@ncar.ucar.EDU>
To: bugzilla@redhat.com
Date: Wed, 26 Sep 2001 13:18:44 -0600 (MDT)
Cc: redhat-watch-list@redhat.com, bugtraq@securityfocus.com,
linux-security@redhat.com, security@redhat.com
In-Reply-To: <200109261530.f8QFUGd10883@porkchop.redhat.com> from "bugzilla@redhat.com" at Sep 26, 1 11:30:00 am
From: woods@ucar.edu (Greg Woods)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
> Do not use the initscript supplied with setserial. To disable it, use=20
> the following command:
>
> /sbin/chkconfig serial off
>
> Alternatively, if your system needs manual adjustment of its serial
> port settings and you wish to have those adjustments re-applied
> automatically on boot, be sure to use a kernel that has non-modular
> serial port support, such as those supplied by Red Hat, Inc.
I hope this isn't the final solution, because in my view, it's not
acceptable. I need to compile serial support as a module, not hard-coded
in the kernel, or else IrDA won't work correctly. If I interpret the
above correctly, it says that you either disable serial support, or
hard-code serial into the kernel instead of loading it as a module.
In that case, it will be impossible to use IrDA on a Red Hat system,
and I don't think that's an acceptable permanent solution.
--Greg
