It's actually vital that netraverse release an updated patch for 2.2.19.
There is a very serious security hole in all the kernels up to 2.2.19
(including 2.2.18). It's not a remote exploit, but a flaw that lets any
local user get root through a rather clever exploit that involves
attributes inproperly being set. Basically, you write a program that
executes a setuid executable but before the child process has even loaded
the setuid exe into memory, it's stopped, and replaced with some other
user code. However, the setuid attribute is still present and thus you
can get any code to run with those priviledges. That's quite a
simplifcation of the bug, but it's pretty close. Most of us probably use
win4lin on our private computers only, but for those worried about
untrustworthy users on the system, this is a legit concern. I've upgraded
every machine I administer (all 85 of them) to 2.2.19, expect my personal
pc because of win4lin's patch. I also second the notion to get out a 2.4
patch win4lin 2.0. (BTW the security race condition I've described is not
present in 2.4.x).
Michael
On Thu, 5 Apr 2001, Tim Bell wrote:
> On Thu 29 Mar 2001 at 17:57:00 +0200, Rein Klazes wrote:
>
> > Did any one succeed to get win4lin working with kernel 2.2.19?
>
> No, it didn't work for me either. It broke somewhere in the 2.2.19pre
> cycle, although I don't know where.
>
> Just in case anyone has the skills or time to try tracking this one down
> (maybe someone from Netraverse?), the following files which the win4lin
> patch changes were also changed from 2.2.18 to 2.2.19:
>
> arch/i386/boot/setup.S
> arch/i386/config.in
> arch/i386/kernel/apm.c
> arch/i386/kernel/entry.S
> arch/i386/kernel/Makefile
> include/linux/apm_bios.h
> kernel/exit.c
> mm/vmscan.c
>
> The most significant (size-wise) changes appear to be in apm.c.
>
> I hope that Netraverse will be providing a patch for 2.2.19 to get
> things working again. Mike Badger, please say it's going to happen
> soon...
>
> Tim.
>
_______________________________________________
Win4Lin-users mailing list
[EMAIL PROTECTED]
https://lists.netraverse.com/mailman/listinfo/win4lin-users
