Re: Release of 2.4.21

Chris Wright (chris@wirex.com)
Thu, 20 Mar 2003 17:20:58 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Greg KH: "Re: [PATCH] alternative dev patch"
Previous message: Jeff Garzik: "Re: [Bonding-devel] [patch] (2/8) Add 802.3ad support to bonding"

* Jeff Garzik (jgarzik@pobox.com) wrote:
>
> The ptrace bug is only one of several local root holes. IIS would imply
> a remote vulnerability, something _far_ more serious.
>
> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion. The only reason why it demands a modicum of
> vendor responsibility is that a-holes are making easy-to-use exploits
> available for the script kiddies.

I know it's already been said, but IMHO it needs to be underscored. Local
root holes are just a simple non-root remote exploit away from being
remotely exploitable root holes. Both are often considered
insignificant, and that is scary! As far as fileutils...couldn't agree
more ;-) But that doesn't make a locally exploitable root hole in the
kernel any less significant.

cheers,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Greg KH: "Re: [PATCH] alternative dev patch"
Previous message: Jeff Garzik: "Re: [Bonding-devel] [patch] (2/8) Add 802.3ad support to bonding"