| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e9bded$qco$1@news.cistron.nl> Date: Sat, 15 Jul 2006 18:50:53 +0000 (UTC) From: "Miquel van Smoorenburg" <miquels@...tron.nl> To: linux-kernel@...r.kernel.org Subject: Re: Linux 2.6.17.5 In article <44B90DF1.8070400@...66.com>, Von Wolher <trilight@...66.com> wrote: >Daniel Drake wrote: >> Hi Linus, >> >> Linus Torvalds wrote: >> >>> I did a slight modification of the patch I committed initially, in the >>> face of the report from Marcel that the initial sledge-hammer approach >>> broke his hald setup. >>> >>> See commit 9ee8ab9fbf21e6b87ad227cd46c0a4be41ab749b: "Relax /proc fix >>> a bit", which should still fix the bug (can somebody verify? I'm 100% >>> sure, but still..), but is pretty much guaranteed to not have any >>> secondary side effects. >>> >>> It still leaves the whole issue of whether /proc should honor chmod AT >>> ALL open, and I'd love to close that one, but from a "minimal fix" >>> standpoint, I think it's a reasonable (and simple) patch. >>> >>> Marcel, can you check current git? >> >> >> I can confirm that the new fix prevents the exploit from working, with >> no immediately visible side effects. >> >> Thanks, >> Daniel >> > >Can some one release a 2.6.17.6 ? I think many people are waiting at >their keyboard to get their systems protected. # mount -o remount,nosuid /proc Haven't tested it but that should be the workaround. Mike. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists