* Jeff Garzik (jgarzik@pobox.com) wrote:
>
> The ptrace bug is only one of several local root holes. IIS would imply
> a remote vulnerability, something _far_ more serious.
>
> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion. The only reason why it demands a modicum of
> vendor responsibility is that a-holes are making easy-to-use exploits
> available for the script kiddies.
I know it's already been said, but IMHO it needs to be underscored. Local
root holes are just a simple non-root remote exploit away from being
remotely exploitable root holes. Both are often considered
insignificant, and that is scary! As far as fileutils...couldn't agree
more ;-) But that doesn't make a locally exploitable root hole in the
kernel any less significant.
cheers,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:33 EST