On Tue, Dec 02, 2003 at 01:09:31AM -0800, Eric Cordian wrote:
> An interesting occurrence, because it demonstrates that massive numbers of
> open source participants auditing the code aren't sufficient to ferret out
> every giant coding blunder.

I don't know that I'd call it "auditing" exactly; to my knowledge, no audit as such has been undertaken with the kernel. That said, evidently, a pair of the "many eyes" did ferret this one out, about 9 weeks ago:

http://linux.bkbits.net:8080/linux-2.4/diffs/mm/[EMAIL PROTECTED]@1.1148.2.2

Unfortunately, he did not see it as critical enough to throw out security alerts and make a new release right then, so anyone with untrusted local users was completely unprotected. Including Debian, apparently.

Regards,
petard