On Thu, Apr 26, 2001 at 03:41:49PM +0200, Florian Weimer wrote: > Johnny Cyberpunk * <johncybpkat_private> writes: > > The LSD Team has found this bug in the ARGUS System. Know since January > > 2001, found by a NETBSD-Team and fixed very earlier than SUN has. > > SUN fixed it primal on 17.04.2001 and ARGUS hasn't patched it. > > Has anybody looked at the LDT modification syscall in the Linux > kernel? I did, and wrote this in a private discussion a few days ago: | I've checked the implementation of modify_ldt(2) on Linux 2.0 and 2.2 | after the NetBSD advisory was released (the next day, actually) and | posted my comments to security-audit: | | http://marc.theaimsgroup.com/?l=linux-security-audit&m=98237041708897 | | Basically, this instance of the vulnerability doesn't affect Linux and | I'm not aware of another which would, but the code could be made safer. | | Of course, it would be nice if someone double-checks this. Matt Chapman has independently reviewed the same code now (thanks!) -- /sd
This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 09:51:17 PDT