On Fri, Jul 21, 2000 at 03:43:06PM -0700, David Ford wrote:
> Andre Hedrick wrote:
>
> > On Fri, 21 Jul 2000, Ove Ewerlid wrote:
> >
> > > I like Andre's perfectionist approach at the protocol level.
> >
> > Thanks,
> >
> > Now to restate that it is possible to push the shellstack with the
> > mini-code that is called disk-destroyer.c with out being root and wax your
> > system. I hate having to expose everything, but now the hackers of the
> > world know now to take down Linux Boxes one by one.
> >
> > You now have no choice, the security issue is exposed.
>
> I would much rather publicly expose myself after the patch had gone into the
> kernel. As it stands now in the worst light, people's hardware is going to
> be destroyed because they A) don't have a patched kernel and B) most people
> haven't a clue -how- to patch their kernel. So they're hung out to dry
> waiting until their distro has a patched kernel.
No, their hardware will be fried even when they do have the patched
kernel. That's the whole point.
-- Vojtech Pavlik SuSE Labs- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:16 EST