Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel 2.2.13 Makes the Scene

Posted by Hemos on from the rolling-in-the-barrels dept.

Mads-Martin was one of the many folks to point out that 2.2.13 has made the mirrors. The patch is also up on kernel.org. You know the routine - download, compile, etc.

11 of 103 comments (clear)

  1. More details soon, I expect by ajs · · Score: 3

    Look to the kernelnotes site for more details. I expect the changes list will appear there first....

  2. More info, changelogs by Mads-Martin · · Score: 4

    Since Alan Cox have been taking over the 2.2 kernel branch, there's lot of good info about it at www.uk.linux.org and at his diary.

  3. Re:God bless Alan Cox and Linux Torvalds. by GooberToo · · Score: 5

    Can we please not post kernel releases unless the change log is also attached? Without this, I fear that we are pushing the "you must upgrade" mentality that MS users are used to. This way, we may also help cut down on the number of downloads that are done and free up some bandwidth for those people that may actually need the fix.

  4. Re:2.2.13 croaks w/ gcc 2.95.1 by sdt · · Score: 4

    A while ago somebody posted in the gcc 2.95 announcement article that all you had to do to get the kernel compiled fine with 2.95(.1) was add -fno-strict-aliasing to the CFLAGS in the Makefile - it works fine for me, I've been running 2.2.13 compiled with gcc 2.95.1 since a few hours now.

    Here's the gcc 2.95 story, it's comment #26.

  5. Re:Bad luck? ;-) by jd · · Score: 4

    NCC (Nature's C Compiler) does support the -superstition flag, but this is turned off by default, if you also use -geek. You can override this, by selecting -spooky. However, -spooky cannot be used with any debug flags and will automatically disable any reality exception handlers.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  6. Re:old news? by _SkiBum_ · · Score: 3

    I would say that mandrake probable shipped with one of the 2.2.13-pre kernels, I'm guessing pre7 with a few mandrake patches by the look of your version line.

    --
    Just a SkiBum stuck in the east...
  7. Re:Bad luck? ;-) by BorgDrone · · Score: 3

    NCC (Nature's C Compiler) does no longer support -geek (it's deprecated), the new version (NCC 3.15.6) now uses the -nerd flag which turns off -superstition (just like version 3.14.8) but turns on the -mustreadslashdot12timesaday flag (this is new for version 3.15.6)
    furthermore, there is a new -microsoftslave flag (which disables the -nerd flag) and a new -linuxnerd flag (which enables -nerd , -mustreadslashdot12timesaday and -hateMS )

    ---

  8. You really should upgrade by aheitner · · Score: 5

    from 2.2.12 to this kernel.

    This is important: there was a nasty stack-smashing bug that was fixed late in the pre-releases for this kernel.

    It was discovered by ben at valinux dot com, and was posted to BugTraq on Friday.

    Ben writes:

    While doing some debugging, I discovered a really nasty stack smash
    bug in linux-2.2.12. The I haven't checked previous versions of the
    2.2 kernel but bug appears to be fixed in linux-2.2.13pre17.

    If I am reading this correctly, the implications of this bug could be
    very dire. It may be possible to easily obtain root privilege on any
    box running this kernel.

    Basically the problem is that the execve system call checks that argv
    is a valid pointer but it doesn't check that all of the pointers in
    argv array are valid pointers. If you pass bad pointers into the
    execve system call you can corrupt the processes stack before it
    returns to user space. Then when the kernel hands off the process to
    the elf loader code and which begins to setup the processes it can be
    made to execute some malicious code in place of the program's main
    function.

    This is particularly scary because all of this occurs BEFORE the
    program begins executing its main function and AFTER the program
    returns to user space with privilege. Therefore no matter how well
    audited the program may be it can be used as to gain privilege.

    The thing that tipped me off to the problem was that a program that I
    exec'd was getting killed with SIGSEGV in __libc_start_main before my
    main function began running.

    -ben


    There was more discussion that followed, tho I won't summarize it here. But do upgrade :)

  9. Solution to this problem by platypus · · Score: 3

    Right from linux-kernel, this seems to have nothing to do with gcc,
    a modification in the kernel sources should
    do it (it was mentioned in a threat about 2.2.13pre18).
    from Matthias Hanisch:

    Try to increase the HEAP_SIZE constant to 0x3000 in
    linux/arch/i386/boot/compressed/misc.c (as set in current 2.3.x kernels).

  10. Exploit for 2.2.12 by D3 · · Score: 3

    The best reason to get 2.2.13 is that it is no longer vulnerable to a STACK SMASH bug which effected the previous 2.2.12 and possibly earlier kernels.

    --
    Do really dense people warp space more than others?
  11. Here is the REAL release notes! by Lface · · Score: 3

    Here is the release notes from Alan:
    http://www.linux.org.uk/VERSION/ relnotes.2213.html

    Enjoy!