Re: Please clarify: kernel-sources / ptracebug / debian security announcements
On Wednesday 07 May 2003 14:53, Peter Holm wrote:
> Hi,
>
> may I be allowed to ask some questions?
>
> I am a little bit confused about the latest discussions on the ptrace
> kernel bug.
[...]
> Why isn't there a security warning about that ptrace bug?
[...]
Well, the main problem is that Marcelo Tosatti (he is the maintainer of
the official 2.4 kernel tree) thinks that the ptrace hole is not so
important ('only' local attacks possible) and the official kernel
sources will be patched with the planned kernel version 2.4.21.
It would be the better solution to patch the official kernel sources as
fast as possible to get a new base for distributors and to get one
official patch.
By the way, there are people not following security lists and they
believe that the latest stable kernel is really stable and has no known
security flaws... instead there has been a flaw for months.
This is the kind of behaviour for which we judge and hate Microsoft.
It is really stupid to let the distributors do the work of security
patching the kernel. Maybe the distributors should hack their own
kernels and there is no "Linux" anymore?!
What I want to say is, it was not only a Debian-based problem.
There is no announcement, just as there is none at www.kernel.org.
There are patched Debian kernel images with version 2.4.18-7 by the
kernel-image maintainer Herbert Xu but not in official Debian package
trees. Just don't know where to find Herbert's packages. Perhaps
someone can post the place!