Andre Hedrick wrote:
> On Fri, 21 Jul 2000, Ove Ewerlid wrote:
>
> > I like Andre's perfectionist approach at the protocol level.
>
> Thanks,
>
> Now to restate that it is possible to push the shellstack with the
> mini-code that is called disk-destroyer.c with out being root and wax your
> system. I hate having to expose everything, but now the hackers of the
> world know now to take down Linux Boxes one by one.
>
> You now have no choice, the security issue is exposed.
I would much rather publicly expose myself after the patch had gone into the
kernel. As it stands now in the worst light, people's hardware is going to
be destroyed because they A) don't have a patched kernel and B) most people
haven't a clue -how- to patch their kernel. So they're hung out to dry
waiting until their distro has a patched kernel.
-d
-- "The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:16 EST