On Thu, Aug 13, 1998 at 07:02:40PM +0100, Duncan Simpson wrote: > 2.1.115 devpts contains a bug that can prevent you from unmounting > file systems and the exploit program sticks in uninteruptable sleep > until you reboot. It may be possible to trash kernel data > structures using the bug with difficulty. I have yet to both ends > of a pty using ptmx and devpts. I assume other version are > vulnerable too. [...] Why is this even on BugTraq? I assume almost everyone (including Aleph One) knows that 2.1.x is a _development_ kernel version so bug should be reported to linux-kernelat_private or security-auditat_private where hopefully somebody can and will deal with it in a timely fashion, and any fixes supplied will be greatfully accepted and verified by the kernel gurus. Anybody who runs 2.1.x on a production server and has it blow up or whatever, deserves what they get. In short, don't use 2.1.x for production/stable systems, use 2.0.x or wait for 2.2.x. Similar arguments apply to development releases of *BSD, etc. -Chris
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:39 PDT