Re: [PATCH] Delete cryptoloop
From: Fruhwirth Clemens
Date: Sun Jul 25 2004 - 14:16:56 EST
On Sun, 2004-07-25 at 21:09, Lee Revell wrote:
> On Sun, 2004-07-25 at 14:02, Fruhwirth Clemens wrote:
> > On Sun, 2004-07-25 at 19:25, Jari Ruusu wrote:
> > > > Where is the exploit?
> > >
> > > wget -O cryptoloop-exploit.tar.bz2 "http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&q=p3"
> >
> > That's no exploit. Where is the exploit?
> > http://www.google.com/search?q=jargon%20exploit
> > When you're there, you can look up the term ``backdoor'' as well.
> >
>
> I am confused. Are you suggesting it's not an exploit because it
> doesn't work remotely? That would make it a local exploit.
I'm suggesting it doesn't work at all. The worst security problems have
been discussed in my first posting already:
http://lkml.org/lkml/2004/7/24/51
I vote for a change in the on-disk format, but not because of one of the
reasons, Jari has put forward.
--
Fruhwirth Clemens <clemens@xxxxxxxxxxxxx> http://clemens.endorphin.org
Attachment:
signature.asc
Description: This is a digitally signed message part