Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Root Exploit in Linux 2.4 and 2.6

Posted by michael on Friday January 7, 2005 @09:40AM from the without-users-this-wouldn't-be-a-problem dept.

Anonymous Coattails writes "Summary from the advisory: 'Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.'"

1 of 795 comments (clear)

Min score:

Reason:

Sort:

Re:making APIs secure takes time by Alan+Cox · 2005-01-07 10:46 · Score: 5, Informative

No this was just a dumb locking bug. You could reasonably argue that some of the kernel API's for do_brk were less than well designed but thats more historical accident.

Its fixed by 2.6.10-ac6 along with the setsid crash and some other corner case bugs Coverity found.