Full Disclosure mailing list archives
Re: Linux kernel source archive vulnerable
From: hadmut () danisch de (Hadmut Danisch)
Date: Fri, 8 Sep 2006 18:55:30 +0200
On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:
kernel-2.6.17-gentoo-r7 seems OK. $ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l 0 $
The debian kernel is OK as well. It's just the upstream kernel which has this flaw. But this shows that gentoo and debian don't follow the alleged need for these permissions either. Ironically, if Microsoft distributed such files everyone would shout "hidden backdoor!" regards Hadmut _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Linux kernel source archive vulnerable Hadmut Danisch (Sep 07)
- Re: Linux kernel source archive vulnerable Raj Mathur (Sep 07)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 07)
- Re: Linux kernel source archive vulnerable Troy Cregger (Sep 07)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable FRLinux (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 07)
- Re: Linux kernel source archive vulnerable Lee Ball (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Raj Mathur (Sep 07)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)