[9271] in bugtraq
2.2.0 SECURITY (fwd)
daemon@ATHENA.MIT.EDU (Aaron Lehmann)
Wed Jan 27 21:04:06 1999
Date: Wed, 27 Jan 1999 05:41:59 +0000
Reply-To: Aaron Lehmann <aaronl@VITELUS.COM>
From: Aaron Lehmann <aaronl@VITELUS.COM>
To: BUGTRAQ@NETSPACE.ORG
A bug has been discovered in the recently released Linux 2.2.0. I suggest
going back to Linux 2.0.36 until this nasty bug is fixed.
It was later realized that this bug DOES also affect Linux 2.2.0ac1, but
only if the core file has permissions 600.
KeyID 1024D/73348CA0
Fingerprint 8EFC 7F10 F26C 55A8 458A 38B0 890F 384F 7334 8CA0
Public key available at http://www.vitelus.com/aaronl/pubkey.asc
---------- Forwarded message ----------
Date: Tue, 26 Jan 1999 21:46:06 -0700 (MST)
From: Dan Burcaw <dburcaw@terraplex.com>
To: linux-kernel@vger.rutgers.edu
Subject: 2.2.0 SECURITY
There is a bug that works only on the 2.2.0 kernel that will allow root
and non-root users to crash the machine (the system reboots).
To replicate this bug do following:
Take any core file, and as normal user or root run: ldd core
The machine will reboot, saying that it cannot get execution permissions
for ./core
As far as I can tell, this problem only affects x86 machines running
2.2.0. I know that PPC is not affected.
Note: This problem does not occur in kernels before 2.2.0, and is
apparently fixed in 2.2.0ac1.
Thanks to Gennady Gurov (gurov@frii.com) for discovering this problem.
Dan
Terra Firma Design & Terra Soft Solutions, Inc.
voice (970) 416-9821 in Fort Collins
email dburcaw@terraplex.com
website http://www.terraplex.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
