New Linux Kernel Vulnerability
Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return
value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here."
Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting.
So we can get back to bitching about Window's security flaws :D
Slowly but surely as Linux is getting more mainstream it seems the same kind of holes that perpetually plague Windows exist in Linux as well.
It might be time to take a page from the MS book and take a few weeks for a full line by line audit.
Kernel 2.6.4-rc2-bk3: Never, I'll Never turn to the Dark side, I'm open source...like my father before me.
Bill: So be it, open source
Bill: if you will not be turned, you will be destroyed (shooting purple lightning bolts)
Bill: You will pay the price for your lack of vision
Kernel 2.6.4-rc2-bk3: Linus please (in agony).
.....to be continued
I await my -5 (Troll)
Don't bother. There's no published exploit. Have a beer. Watch the game. Don't worry. Relax. What's your IP?
Sure. A program can ask the operating system kernel to Do Things. Now, someone has found out that when you ask the kernel to Do Things certain way, the kernel subsequently thinks you are the Boss.
Like, you have this stack of forms you want the computer signed. You hand them over to the computer. One of the papers is "Do whatever I say" form that would give you the Power. The computer won't read it and just signs it along with the others, then hands you the forms back.
How's that for an explanation?
Get a windows CD
Boot
Reboot
Install
Reboot
Install some more
Reboot
Continue installation
Reboot
Register windows installation
Change a setting
Reboot
bah
TO DO:
... ad infinitum
Log onto slashdot.
Bash Microsoft.
Bash the bashers of Microsoft.
Bash the bashers of the bashers of Microsoft.
Prevent email address forgery. Publish SPF records for y
simply disable all local user accounts.
I really dont understand what all the fuss is about.