On Wed, Apr 14, 2004 at 04:16:28PM -0500, Micah Anderson wrote: > With the rash of security gaffs in the kernel related to mmap and > mremap, does it make anyone else nervous to see the following in the > changelog for 2.4.26: > > o mremap NULL pointer dereference fix > > If this was a security concern, would it be noted in the changelog?
Not generally, no. The kernel maintainers are notorious for obscuring such things. > Additionally, the 2.4.25 kernel seems to have a local root exploit for > CDROMs: http://lwn.net/Articles/80480/ See DSA-479. -- - mdz
