
Mailing List Archive
Re: [OT] Re: [tlug] Sorry to Hijack a thread but whats wrong with LILO
On Wed, Feb 26, 2003 at 09:37:12AM -0500, Josh Glover wrote:
> I disagree. Case in point: newer kernels in the 2.4.x series (at least, the
> ones packaged by Gentoo and Red Hat--I cannot comment on the vanilla tree)

the last kernel-related Debian security advisory came out April 16th 2001
that is almost 2 years ago, and not anywhere near the suggested 90 days.
none of the problems there were exploitable from outside, thus no reason
to upgrade if you trust your userspace software (and keep that up to date
for security problems) (though it would be dumb not to upgrade, because
better safe than sorry)

This is a list of problems based on the 2.2.19 release notes:

* binfmt_misc used user pages directly
* the CPIA driver had an off-by-one error in the buffer code which made
  it possible for users to write into kernel memory
* the CPUID and MSR drivers had a problem in the module unloading code
  which could cause a system crash if they were set to automatically load
  and unload (please note that Debian does not automatically unload kernel
  modules)
* There was a possible hang in the classifier code
* The getsockopt and setsockopt system calls did not handle sign bits
  correctly which made a local DoS and other attacks possible
* The sysctl system call did not handle sign bits correctly which
  allowed a user to write in kernel memory
* ptrace/exec races that could give a local user extra privileges
* possible abuse of a boundary case in the sockfilter code
* SYSV shared memory code could overwrite recently freed memory which
  might cause problems
* The packet length checks in the masquerading code were a bit lax
  (probably not exploitable)
* Some x86 assembly bugs caused the wrong number of bytes to be copied.
* A local user could deadlock the kernel due to bugs in the UDP port
  allocation.

greetings, martin.
--
interested in doing pike programming, sTeam/caudium/pike/roxen training,
sTeam/caudium/roxen and/or unix system administration anywhere in the world.
--
pike programmer working in europe csl-gmbh.net
open-steam.org (www.archlab|(www|db).hb2).tuwien.ac.at
unix bahai.or.at iaeste.(tuwien.ac|or).at
systemadministrator (stuts|black.linux-m68k).org is.(schon.org|root.at)
Martin Bähr http://www.iaeste.or.at/~mbaehr/