* Security patch for 2.6.2
@ 2004-02-10 16:08 David Pospíšil
2004-02-10 16:16 ` Markus Gaugusch
0 siblings, 1 reply; 5+ messages in thread
From: David Pospíšil @ 2004-02-10 16:08 UTC (permalink / raw)
To: linux-kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Where can I find security patch for 2.6.2 ?
Problem : look at this site : http://www.securityfocus.com/archive/1/353217
It is remote root exploit :-(
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAKQId4RoNZR5PGMkRAv5XAJ9nvE7W1m5tW33bdUsh6aUeIt/0pgCg7H0O
6t+UWH7k8YK7e81iMaEx5vA=
=D0aJ
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security patch for 2.6.2
2004-02-10 16:08 Security patch for 2.6.2 David Pospíšil
@ 2004-02-10 16:16 ` Markus Gaugusch
2004-02-10 16:47 ` Valdis.Kletnieks
0 siblings, 1 reply; 5+ messages in thread
From: Markus Gaugusch @ 2004-02-10 16:16 UTC (permalink / raw)
To: David Pospíšil; +Cc: linux-kernel
On Feb 10, David Pospíšil <foton2@post.cz> wrote:
> Where can I find security patch for 2.6.2 ?
> Problem : look at this site : http://www.securityfocus.com/archive/1/353217
> It is remote root exploit :-(
No, it is local root exploit. And the patch is attached to that posting.
Just apply it.
Markus
--
__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at)gaugusch.at X Against HTML Mail
/ \
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security patch for 2.6.2
2004-02-10 16:16 ` Markus Gaugusch
@ 2004-02-10 16:47 ` Valdis.Kletnieks
2004-02-10 18:17 ` Nicholas Miell
0 siblings, 1 reply; 5+ messages in thread
From: Valdis.Kletnieks @ 2004-02-10 16:47 UTC (permalink / raw)
To: Markus Gaugusch; +Cc: David Pospíšil, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 481 bytes --]
On Tue, 10 Feb 2004 17:16:37 +0100, Markus Gaugusch said:
> On Feb 10, David Pospí¨il <foton2@post.cz> wrote:
>
> > Where can I find security patch for 2.6.2 ?
> > Problem : look at this site : http://www.securityfocus.com/archive/1/353217
> > It is remote root exploit :-(
> No, it is local root exploit. And the patch is attached to that posting.
Is the *real* problem here that smbfs doesn't understand the moral
equivalent of 'mount -o nosuid/nodev/noexec/no-etc'?
[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security patch for 2.6.2
2004-02-10 16:47 ` Valdis.Kletnieks
@ 2004-02-10 18:17 ` Nicholas Miell
0 siblings, 0 replies; 5+ messages in thread
From: Nicholas Miell @ 2004-02-10 18:17 UTC (permalink / raw)
To: Valdis.Kletnieks; +Cc: Markus Gaugusch, David Pospíšil, linux-kernel
On Tue, 2004-02-10 at 08:47, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 10 Feb 2004 17:16:37 +0100, Markus Gaugusch said:
> > On Feb 10, David Pospí¨il <foton2@post.cz> wrote:
> >
> > > Where can I find security patch for 2.6.2 ?
> > > Problem : look at this site : http://www.securityfocus.com/archive/1/353217
> > > It is remote root exploit :-(
> > No, it is local root exploit. And the patch is attached to that posting.
>
> Is the *real* problem here that smbfs doesn't understand the moral
> equivalent of 'mount -o nosuid/nodev/noexec/no-etc'?
No, the real problem is that both SAMBA 3 and Linux 2.6.x support the
CIFS Extensions for Unix and the guy who complained to BUGTRAQ doesn't
get this.
(BTW, nosuid/nodev/noexec are handled by the VFS, not the individual fs
drivers.)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Security patch for 2.6.2
[not found] <1nIMg-5FD-9@gated-at.bofh.it>
@ 2004-02-10 16:54 ` der.eremit
0 siblings, 0 replies; 5+ messages in thread
From: der.eremit @ 2004-02-10 16:54 UTC (permalink / raw)
To: David Pospí¹il; +Cc: linux-kernel
On Tue, 10 Feb 2004 17:20:08 +0100, you wrote in linux.kernel:
> Where can I find security patch for 2.6.2 ?
> Problem : look at this site : http://www.securityfocus.com/archive/1/353217
> It is remote root exploit :-(
Read the full thread, it is a userspace problem caused by smbmnt
being setuid root in some distributions.
--
Ciao,
Pascal
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-02-10 18:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-02-10 16:08 Security patch for 2.6.2 David Pospíšil
2004-02-10 16:16 ` Markus Gaugusch
2004-02-10 16:47 ` Valdis.Kletnieks
2004-02-10 18:17 ` Nicholas Miell
[not found] <1nIMg-5FD-9@gated-at.bofh.it>
2004-02-10 16:54 ` der.eremit
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).