On Tue, 15 Oct 2002 15:04, you wrote: > > People should be using at least 2.4.19 if they have untrusted local users > > Is there documentation somewhere that explains the changes to 2.4.19 that > make it better for that purpose?
I _suppose_ it contains the fixes mentioned at http://rhn.redhat.com/errata/RHSA-2002-158.html which reads: Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits. The 2.4.18-5 kernel introduced some safety checks in the VM subsystem that were triggered when exiting an X session while using 3D acceleration with the Intel i810/i815 chipset. Additionally, there was a difficult to trigger race in the dcache of the file system subsystem. This kernel update addresses both of these issues. In addition, there are fixes for potential security holes in the following drivers: stradis rio500 se401 usbvideo apm Finally, this kernel fixes a few files in the /proc file system which had the capability to expose kernel memory when abused. All of the security issues found during an audit and none of them, at the time of this writing, have any known exploits. And that references http://www.thefreeworld.net/non-US/ and you're not allowed to read _that_ if you're a US citizen or resident in US territory. Since I'm sure there are people here who are not allowed to know, I'm not going to take the chance of telling you. -- Cheers John Summerfield Microsoft's most solid OS: http://www.geocities.com/rcwoolley/ Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb