Quoting Adam ENDRODI ([EMAIL PROTECTED]):

> Just a humble question: how the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk should have
> known about the bug? The changelog read ``Add TASK_SIZE check to
> do_brk()'', there's no indication that it's a security fix.
>
> I'm really curious how you cope with it.
Oh, it gets worse than that. In this case, at least Andrew Morton noticed the memory-management bug (September), and Marcelo sent in a patch (2003-10-02). Sure, nobody (except a black hat) realised the security implications, but at least a patch existed. You also have to worry about bugs that _only_ black hats have discovered and that they've figured out how to exploit.[1]

That's part of why klecker, murphy, and gluck were running AIDE. Also, sysadmins were alert enough to notice master and murphy showing suspiciously similar kernel-oops symptoms.

So, there you have two of the ways that people cope: (1) Attentive sysadmins, and (2) well-configured and monitored IDSes.

[1] Not to mention use of security tokens stolen from compromised remote systems:
http://linuxmafia.com/faq/Security/breakin-without-remote-vulnerability.html

See also Wichert's very canny list of recommendations at the bottom of
http://www.wiggy.net/debian/developer-securing/

--
Cheers,                     find / -user your -name base -print | xargs chown us:us
Rick Moen
[EMAIL PROTECTED]
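The second coping mechanism Rick names, a host-based file-integrity IDS such as the AIDE instances on klecker, murphy and gluck, works by recording a baseline of cryptographic hashes and metadata for system files and later comparing the live filesystem against it. The following is an added illustration of that technique in Python; it is not AIDE's code, not part of the original mail, and the tree layout and file names it builds in a temporary directory are constructed sample data. It shows the three classes of finding such a tool reports: a changed file (a replaced binary), a changed permission bit (a set-uid bit appearing), and an unexpected new file.

```python
import hashlib
import json
import os
import stat
import tempfile


def file_fingerprint(path):
    """Hash plus the metadata an integrity checker cares about.
    lstat is used so a symlink is recorded as a symlink, not as its target."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": st.st_mode,   # includes type bits and set-uid/set-gid/sticky
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(root):
    """Walk a tree and fingerprint every entry; keys are paths relative to root."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_fingerprint(full)
    return baseline


def compare(baseline, current):
    """Diff two snapshots into added / removed / changed, with the changed attributes."""
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            diff = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
            if diff:
                report["changed"][rel] = diff
    return report


def demo():
    """Constructed scenario: baseline a small fake root, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in {
            "bin/ls": b"original ls binary\n",
            "sbin/init": b"original init binary\n",
            "etc/hosts": b"127.0.0.1 localhost\n",
        }.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)

        # The baseline would normally be written to read-only or off-host storage;
        # here it simply round-trips through JSON to show it is serialisable.
        baseline = json.loads(json.dumps(build_baseline(root)))

        # Simulated tampering (constructed, not a real incident):
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"replaced ls binary with extra payload\n")   # content + size change
        os.chmod(os.path.join(root, "sbin/init"), 0o4755)          # set-uid bit appears
        os.makedirs(os.path.join(root, "var/tmp"), exist_ok=True)
        with open(os.path.join(root, "var/tmp/.hidden"), "wb") as f:
            f.write(b"unexpected new file\n")                      # new file
        os.remove(os.path.join(root, "etc/hosts"))                  # removed file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The value of such a check depends on the baseline being taken from a known-good state and stored where an intruder on the host cannot rewrite it; a comparison against a baseline the attacker can edit detects nothing, which is the "well-configured" half of the point above.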