On Thu, 16 Apr 2009 23:50:54 -0600 dann frazier wrote:
> > > The support for dynamically loadable kernel modules in Linux can be
> > > abuses similarly. Does that make it a "grave security issue"?
> >
> > probably...at least until someone comes up with a secure way to do it.
>
> Oh, come on.
>
btw, redhat-based distros are thought to be invulnerable to these
attacks due their incorporation of execshield (in particular, due to
address space randomization). perhaps it's high time that debian
consider doing the same?
i know that execshield is not in the vanilla kernel, but when it comes
to
reopen 524373
thanks
On Thu, 16 Apr 2009 16:53:38 -0400 Noah Meyerhans wrote:
> On Thu, Apr 16, 2009 at 04:21:10PM -0400, Michael S. Gilbert wrote:
> >
> > i think that any flaw that allows an attacker to elevate his pwnage from
> > root to hidden should always be considered a grave security issu
Processing commands for cont...@bugs.debian.org:
> reopen 524373
Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Bug reopened, originator not changed.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(adminis
On Thu, Apr 16, 2009 at 04:21:10PM -0400, Michael S. Gilbert wrote:
>
> i think that any flaw that allows an attacker to elevate his pwnage from
> root to hidden should always be considered a grave security issue.
Your argument sounds like the one used by RIAA, MPAA etc, based on the
DMCA's anti-
On Thu, 16 Apr 2009 12:43:07 -0400, Noah Meyerhans wrote:
> On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote:
> > as seen in recent articles and discussions, the linux kernel is
> > currently vulnerable to rootkit attacks via the /dev/mem device. one
> > article [1] mentions tha
severity 524373 wishlist
thanks
On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote:
> package: linux-2.6
> severity: grave
> tags: security
>
> as seen in recent articles and discussions, the linux kernel is
> currently vulnerable to rootkit attacks via the /dev/mem device. one
>
On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote:
> as seen in recent articles and discussions, the linux kernel is
> currently vulnerable to rootkit attacks via the /dev/mem device. one
> article [1] mentions that there is an existing patch for the problem,
> but does not link t
package: linux-2.6
severity: grave
tags: security
as seen in recent articles and discussions, the linux kernel is
currently vulnerable to rootkit attacks via the /dev/mem device. one
article [1] mentions that there is an existing patch for the problem,
but does not link to it. perhaps this fix c
9 matches
Mail list logo
