Alan Cox <alan@lxorguk.ukuu.org.uk> writes:
> > would have been nice if there was some kind of ChangeLog which listed
> > such fixes. Alan Cox's "release notes" mention most fixes, but they
> > are remarkably terse regarding security fixes. Is this intentional?
>
> They should list all fixes reasonably accurately. They may well not tell
> you how to exploit them. That is intentional
IOW: No silent fixes, all problems are listed? Thanks. So the bug I
observed was not mentioned only unintentionally (file access
permissions used to be cached across calls to seteuid()).
-- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:24 EST