On Tue, Dec 02, 2003 at 12:28:43PM +1300, Volker Kuhlmann wrote:
> > On the subject of "how much damage can be done" to your kernel, here's
> > the latest alert
> We all know that buffer overflows have potential for disastrous
> consequences. How does that relate to unloading a module, or reading
> /proc/config.gz, which is I think what we were discussing? These are
> two different topics.
We were also discussing the possibly security benefits (i.e. very
slight) of disabling module loading using one method or another.
> > > This problem was found
> > > in September by Andrew Morton, but unfortunately that was too late for
> > > the 2.4.22 kernel release.
> Who cares whether it was late for xyz, it needs fixing.
...and it was fixed. I think the point is more that the problem was
found and fixed while ago, but this is the first _release_ kernel to
contain the fix.
Cheers,
-mjg
--
Matthew Gregan |/
/| [EMAIL PROTECTED]
