[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linux kernel source archive vulnerable



On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:
> 
> kernel-2.6.17-gentoo-r7 seems OK.
> 
> $ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l
> 0
> $


The debian kernel is OK as well. 

It's just the upstream kernel which has this flaw. 



But this shows that gentoo and debian don't follow the alleged need
for these permissions either. 


Ironically, if Microsoft distributed such files everyone would shout
"hidden backdoor!"



regards
Hadmut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/