GeeK: more proof...
sat
satadru at umich.edu
Fri Jun 9 08:55:27 EST 2000
Can I apply the standard patch from 2.2.15 to 2.2.16 in Paul's CVS kernel?
---------- Forwarded Message ----------
Date: Thursday, June 08, 2000 1:23 AM -0400
From: Dug Song <dugsong at monkey.org>
To: backrow at citi.umich.edu
Subject: GeeK: more proof...
this is amazingly bad.
http://sendmail.net/?feed=000607linuxbug
A serious bug has been discovered in the Linux kernel that can be used
by local users to gain root access. The problem, a vulnerability in
the Linux kernel capability model, exists in kernel versions up to and
including version 2.2.15. According to Alan Cox, a key member of the
Linux developer community, "It will affect programs that drop setuid
state and rely on losing saved setuid, even those that check that the
setuid call succeeded."
-d.
---
http://www.monkey.org/~dugsong/
---------- End Forwarded Message ----------
** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/
More information about the Linuxppc-dev
mailing list