Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux kernel source archive vulnerable

From: hadmut () danisch de (Hadmut Danisch)
Date: Fri, 8 Sep 2006 18:55:30 +0200
On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:


kernel-2.6.17-gentoo-r7 seems OK.

$ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l
0
$



The debian kernel is OK as well. 

It's just the upstream kernel which has this flaw. 



But this shows that gentoo and debian don't follow the alleged need
for these permissions either. 


Ironically, if Microsoft distributed such files everyone would shout
"hidden backdoor!"



regards
Hadmut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: