[7667] in bugtraq
Re: Linux 2.1.115 oops (demo and fix)
daemon@ATHENA.MIT.EDU (Chris Wedgwood)
Fri Aug 14 11:13:54 1998
Date: Fri, 14 Aug 1998 15:05:25 +1200
Reply-To: Chris Wedgwood <chris@CYBERNET.CO.NZ>
From: Chris Wedgwood <chris@CYBERNET.CO.NZ>
X-To: Duncan Simpson <dps@IO.STARGATE.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199808131802.TAA00661@io.stargate.co.uk>; from Duncan Simpson on
Thu, Aug 13, 1998 at 07:02:40PM +0100
On Thu, Aug 13, 1998 at 07:02:40PM +0100, Duncan Simpson wrote:
> 2.1.115 devpts contains a bug that can prevent you from unmounting
> file systems and the exploit program sticks in uninteruptable sleep
> until you reboot. It may be possible to trash kernel data
> structures using the bug with difficulty. I have yet to both ends
> of a pty using ptmx and devpts. I assume other version are
> vulnerable too.
[...]
Why is this even on BugTraq?
I assume almost everyone (including Aleph One) knows that 2.1.x is a
_development_ kernel version so bug should be reported to
linux-kernel@vger.rutgers.edu or security-audit@ferret.lmh.ox.ac.uk
where hopefully somebody can and will deal with it in a timely
fashion, and any fixes supplied will be greatfully accepted and
verified by the kernel gurus.
Anybody who runs 2.1.x on a production server and has it blow up or
whatever, deserves what they get.
In short, don't use 2.1.x for production/stable systems, use 2.0.x or
wait for 2.2.x.
Similar arguments apply to development releases of *BSD, etc.
-Chris
