Hey, has anyone found the time to put together any patch to workaround the security bug in uml_net?
Attached are two patches. The first one, uml_net-slip.diff, is the minimal patch to apply to uml_net. The second one, uml_net-uml.diff, applies to 2.4.27-1um (note the half-hearted attempt to plug a FD leak in there as well). As a nice bonus, a UML with this patch still works with an unpatched uml_net binary.
I think it would be ok also to simply comment out the offending code (even providing some kind of -D configuration option for who really needs SLIP support, and they are few)!
Suggestions?
Agreed, tuntap is a compile time option, slip should be as well.
Steve Schmidtke
uml_net-slip.diff
Description: Binary data
Description: Binary data
