From: Chris Wright <chris@wirex.com>
To: Jeff Garzik <jgarzik@pobox.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Release of 2.4.21
Date: Thu, 20 Mar 2003 17:20:58 -0800
Message-ID: <20030320172058.A30322@figure1.int.wirex.com>
In-Reply-To: <20030320210305.GH8256@gtf.org>; from jgarzik@pobox.com on Thu, Mar 20, 2003 at 04:03:05PM -0500
* Jeff Garzik (jgarzik@pobox.com) wrote:
>
> The ptrace bug is only one of several local root holes. IIS would imply
> a remote vulnerability, something _far_ more serious.
>
> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion. The only reason why it demands a modicum of
> vendor responsibility is that a-holes are making easy-to-use exploits
> available for the script kiddies.

I know it's already been said, but IMHO it needs to be underscored. Local
root holes are just a simple non-root remote exploit away from being
remotely exploitable root holes. Both are often considered
insignificant, and that is scary! As far as fileutils...couldn't agree
more ;-) But that doesn't make a locally exploitable root hole in the
kernel any less significant.
cheers,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net