[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060908165530.GA3602@danisch.de>
Date: Fri, 8 Sep 2006 18:55:30 +0200
From: hadmut@...isch.de (Hadmut Danisch)
To: Troy Cregger <tcregger@...nedyinfo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux kernel source archive vulnerable
On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:
>
> kernel-2.6.17-gentoo-r7 seems OK.
>
> $ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l
> 0
> $
The debian kernel is OK as well.
It's just the upstream kernel which has this flaw.
But this shows that gentoo and debian don't follow the alleged need
for these permissions either.
Ironically, if Microsoft distributed such files everyone would shout
"hidden backdoor!"
regards
Hadmut
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists