Hello Horms, Tuesday, August 9, 2005, 6:33:04 AM, you wrote:
>> > I have read the cahngelog for Debian version of kernel 2.4.27 (and .26 >> > too) and I have found that the latest version of Posix ACL patches seems >> > to be 0.8.71, merged by Herbert Xu in April 2004. H> are you talking about CAN-2005-0757 No, I don't think it's the same. This issue, AFAIK, causes default acls to disappear from a directory, but does not crash the system. It's not really a security issue, since it does not allow more rights on the files, but less rights (removing default ACLS). Well, if a user can trigger it, it's a DOS anyway. I have not investigated the issue very deeply, but I can tell that it can be fixed by applying the newer (>= 0.8.72) ACL patches from http://acl.bestbits.at. To quote Andreas Gruenbacher, "This was fixed in version 0.8.72. The bug was in function ext2_xattr_cmp and ext3_xattr_cmp: They did not compare the e_name_index field." H> Otherwise, 2.4 is really in maintenence mode for Sarge, so you might be H> best to try one of the newer kernels (e.g. 2.6.12) in unstable. I'll try 2.6.12, because with 2.6.8 (Sarge default 2.6 kernel) I have had issues with USB2 controllers not being released by the BIOS to the kernel's driver (which never happened with 2.4.x series) so I could not use USB2 devices at all. -- Fabio "Kurgan" Muzzi La diagnosi del tecnico: Sovrapposizione di indirizzi nella RAM -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
