Re: Ho ho ho - Linux v2.6.10

From: Paolo Ciarrocchi
Date: Wed Dec 29 2004 - 07:45:30 EST


On Sat, 25 Dec 2004 12:19:24 +0000, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
> On Gwe, 2004-12-24 at 22:39, Linus Torvalds wrote:
> > Ok, with a lot of people taking an xmas break, here's something to play
> > with over the holidays (not to mention an excuse for me to get into the
> > Glögg for real ;)
>
> Merry Yule to you too.
>
> Not wishing to be too ungrateful to Santa but
>
> - The broken AX.25 patches are not reverted so that doesn't work on some
> networks
>
> - It seems the security hole inducing exec_id change was not reverted
> and I've not yet found any other changes that fix the same problem
> (setuid_app >/proc/self/mem) in 2.6.10. It was actually quite nasty as a
> hole because you can seek the fd to the right target address before
> execing. With the other /proc changes did I miss something on this one
>
> I'll check it all over in more detail when I generate 2.6.10-ac
> (probably tomorrow), which will be nice as the patch will be a _lot_
> shorter and USB storage a lot happier than 2.6.9 based systems.
>

Having at least a -rc or maintaining a 2.6.XY.Z branch would avoid
these problems in my very humble opinion.

Best,

--
Paolo Ciarrocchi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/