Bugtraq mailing list archives

Re: [RHSA-2001:013-05] Three security holes fixed in new kernel


From: Solar Designer <solar () OPENWALL COM>
Date: Fri, 9 Feb 2001 20:40:48 +0300

On Thu, Feb 08, 2001 at 06:03:00PM -0500, bugzilla () REDHAT COM wrote:
> Thanks to Solar Designer for finding the sysctl bug, and
> for the versions of the sysctl and ptrace patches we used.

Thanks for crediting me, but actually it's Chris Evans who found the
sysctl bug that affects Linux 2.2.  I only provided patches.

I found a very similar sysctl "signedness" bug a few years back,
fixed in Linux 2.0.34, but it's not an issue on Linux 2.2.  So all
credit for the discovery of this new bug is to Chris Evans.

As I am posting this anyway, -- these two fixes (but _not_ the DoS
one, yet) are included in 2.2.18-ow4 and 2.0.39-ow2 patches, which
I've just released:

        http://www.openwall.com/linux/

Actually, 2.0.39 only needed the execve/ptrace race condition fix.

--
/sd

