2.2.0 SECURITY (fwd)

[aaronl () VITELUS COM (Aaron Lehmann)]

A bug has been discovered in the recently released Linux 2.2.0. I suggest
going back to Linux 2.0.36 until this nasty bug is fixed.

It was later realized that this bug DOES also affect Linux 2.2.0ac1, but
only if the core file has permissions 600.


KeyID 1024D/73348CA0
Fingerprint 8EFC 7F10 F26C 55A8 458A  38B0 890F 384F 7334 8CA0
Public key available at http://www.vitelus.com/aaronl/pubkey.asc

---------- Forwarded message ----------
Date: Tue, 26 Jan 1999 21:46:06 -0700 (MST)
From: Dan Burcaw <dburcaw () terraplex com>
To: linux-kernel () vger rutgers edu
Subject: 2.2.0 SECURITY


There is a bug that works only on the 2.2.0 kernel that will allow root
and non-root users to crash the machine (the system reboots).

To replicate this bug do following:

Take any core file, and as normal user or root run: ldd core

The machine will reboot, saying that it cannot get execution permissions
for ./core

As far as I can tell, this problem only affects x86 machines running
2.2.0. I know that PPC is not affected.

Note: This problem does not occur in kernels before 2.2.0, and is
apparently fixed in 2.2.0ac1.

Thanks to Gennady Gurov (gurov () frii com) for discovering this problem.


Dan

Terra Firma Design & Terra Soft Solutions, Inc.

 voice   (970) 416-9821 in Fort Collins
 email   dburcaw () terraplex com
 website http://www.terraplex.com/




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo () vger rutgers edu
Please read the FAQ at http://www.tux.org/lkml/