GeeK: more proof...

sat satadru at
Fri Jun 9 08:55:27 EST 2000

Can I apply the standard patch from 2.2.15 to 2.2.16 in Paul's CVS kernel?

---------- Forwarded Message ----------
Date: Thursday, June 08, 2000 1:23 AM -0400
From: Dug Song <dugsong at>
To: backrow at
Subject: GeeK: more proof...

this is amazingly bad.

    A serious bug has been discovered in the Linux kernel that can be used
    by local users to gain root access. The problem, a vulnerability in
    the Linux kernel capability model, exists in kernel versions up to and
    including version 2.2.15. According to Alan Cox, a key member of the
    Linux developer community, "It will affect programs that drop setuid
    state and rely on losing saved setuid, even those that check that the
    setuid call succeeded."



---------- End Forwarded Message ----------

** Sent via the linuxppc-dev mail list. See

More information about the Linuxppc-dev mailing list