so far I found the problem with perf_events where exploit-containing binary can elevate permissions of regular user to root. This is indeed a big issue, but it seems to affect only systems with kernel newer than 2.6.36 and only these where this feature is enabled. Also it seems to me that only systems where untrusted users have shell access are affected by this since it require local execution of exploit.
But thanks for information, despite it doesn't seem to require urgent patch on systems with older kernel or any system where untrusted users have no shell access (such as webservers) I will consider updating my servers as well asap On Sat, May 18, 2013 at 11:47 AM, Happy Melon <[email protected]> wrote: > On 17 May 2013 23:26, Petr Bena <[email protected]> wrote: > >> hey, could you point me to that security patch? I am curious as I am >> myself running bunch of linux boxes >> > > +1 > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
