Tiny Core Linux

Off-Topic => Off-Topic - Tiny Tux's Corner => Topic started by: robc on November 04, 2009, 12:37:31 PM

Title: Linux Kernel Security
Post by: robc on November 04, 2009, 12:37:31 PM

Here is an article about a security bug in the kernel. Not sure if this applies directly to TCL but still of interest....
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ (http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/)

Another, I don't think this guy likes the kernel team very much...
http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/ (http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/)

Title: Re: Linux Kernel Security
Post by: gerald_clark on November 04, 2009, 12:57:31 PM

Funny how they admit that the compiler removed the check, but still want to blame the kernel developers.
Shouldn't they be pointing fingers at the gcc team?

Title: Re: Linux Kernel Security
Post by: curaga on November 06, 2009, 02:54:18 PM

The article says every version before .32, so we would be vulnerable. But the exploit is a local one, and also requires setuid for the binary - not very likely to happen.