[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Linux kernel source archive vulnerable
- To: Troy Cregger <tcregger@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Linux kernel source archive vulnerable
- From: hadmut@xxxxxxxxxx (Hadmut Danisch)
- Date: Fri, 8 Sep 2006 18:55:30 +0200
On Thu, Sep 07, 2006 at 05:04:39PM -0400, Troy Cregger wrote:
>
> kernel-2.6.17-gentoo-r7 seems OK.
>
> $ find /usr/src/linux-2.6.17-gentoo-r7/ -perm -666 ! -type l | wc -l
> 0
> $
The debian kernel is OK as well.
It's just the upstream kernel which has this flaw.
But this shows that gentoo and debian don't follow the alleged need
for these permissions either.
Ironically, if Microsoft distributed such files everyone would shout
"hidden backdoor!"
regards
Hadmut
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/