New Kernel Crash-Exploit discovered
Simon Weller
simon at nzservers.com
Thu Jun 17 16:41:05 UTC 2004
On Thursday 17 June 2004 11:08 am, Dominic Hargreaves wrote:
> On Wed, Jun 16, 2004 at 08:53:01PM +0100, Jon Peatfield wrote:
> > Now for the bit people might not like, the FP exception isn't the only
> > patch in there since I was already about to roll out a new kernel
> > anyway with the following trond NFS server patch (for talking to OSX
> > 10.3 and FreeBSD clients):
> >
> >
> > http://www.fys.uio.no/~trondmy/src/Linux-2.4.x/2.4.23-rc1/linux-2.4.23-03
> >-fix_osx.dif
>
> Can the list please give some opinions on whether this fix should be
> added into the next .legacy kernel which I'm preparing? I'm assuming
> that the patch has been fairly well tested by now. As always, there is a
> fine line between adding functionality which could come with it more
> bugs, and providing wanted fixes. We really really need to get this one
> out of the door in the next week or so, I think, otherwise we are just
> going to get left behind with the next round of inevitable fixes.
My feeling is to put this patch on the back burner and get the latest legacy
out as soon as people are happy with the QA.
The reason I say this is the FPU exception loop DOS is a nasty one for every
company out there running shared webhosting servers with any kind of user
functionality. I know most companies don't offer shell access (and rightly
so), but with the exec(), system() function(s) et al in perl and php, and the
fact the exception can be triggered by any user makes the abuse potential a
rather broad problem.
If we start rolling in new noncritical patches now, especially ones that
probably aren't going to able to be tested that quickly, we could push the
next .legacy kernel out to at least a couple of weeks.
My 2 cents.
regards,
Simon
>
> Cheers,
>
> Dominic.
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
--
Simon Weller LPIC-2, BCIP
Systems Engineer
NZServers LTD
http://www.nzservers.com/
U.S. Branch
<-
To mess up a Linux box, you need to work at it; to mess up your Windows box,
you just need to work on it.
- Scott Granneman, Security Focus
->
More information about the fedora-legacy-list
mailing list