A bug has been discovered in the recently released Linux 2.2.0. I suggest going back to Linux 2.0.36 until this nasty bug is fixed. It was later realized that this bug DOES also affect Linux 2.2.0ac1, but only if the core file has permissions 600. KeyID 1024D/73348CA0 Fingerprint 8EFC 7F10 F26C 55A8 458A 38B0 890F 384F 7334 8CA0 Public key available at http://www.vitelus.com/aaronl/pubkey.asc ---------- Forwarded message ---------- Date: Tue, 26 Jan 1999 21:46:06 -0700 (MST) From: Dan Burcaw <dburcawat_private> To: linux-kernelat_private Subject: 2.2.0 SECURITY There is a bug that works only on the 2.2.0 kernel that will allow root and non-root users to crash the machine (the system reboots). To replicate this bug do following: Take any core file, and as normal user or root run: ldd core The machine will reboot, saying that it cannot get execution permissions for ./core As far as I can tell, this problem only affects x86 machines running 2.2.0. I know that PPC is not affected. Note: This problem does not occur in kernels before 2.2.0, and is apparently fixed in 2.2.0ac1. Thanks to Gennady Gurov (gurovat_private) for discovering this problem. Dan Terra Firma Design & Terra Soft Solutions, Inc. voice (970) 416-9821 in Fort Collins email dburcawat_private website http://www.terraplex.com/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomoat_private Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:31:37 PDT