From: Chris Wright <chris@wirex.com>
To: Jeff Garzik <jgarzik@pobox.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Release of 2.4.21
Date: Thu, 20 Mar 2003 17:20:58 -0800
Message-ID: <20030320172058.A30322@figure1.int.wirex.com>
In-Reply-To: <20030320210305.GH8256@gtf.org>; from jgarzik@pobox.com on Thu, Mar 20, 2003 at 04:03:05PM -0500

* Jeff Garzik (jgarzik@pobox.com) wrote:
>
> The ptrace bug is only one of several local root holes. IIS would imply
> a remote vulnerability, something _far_ more serious.
>
> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion. The only reason why it demands a modicum of
> vendor responsibility is that a-holes are making easy-to-use exploits
> available for the script kiddies.

I know it's already been said, but IMHO it needs to be underscored. Local
root holes are just a simple non-root remote exploit away from being
remotely exploitable root holes. Both are often considered
insignificant, and that is scary! As far as fileutils...couldn't agree
more ;-) But that doesn't make a locally exploitable root hole in the
kernel any less significant.

cheers,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net