Re: [SLUG] [ECOMM] Re: [LINK] Warnings over second "flaw" in RedHat Linux (fwd)

[DaZZa <dazza@nospam.zip.com.au>]

On Tue, 2 May 2000, Rick Welykochy wrote:

> > Mr Todd said he hoped to finish the task in the next fortnight.
 
> "This allows me to gain the highest level of user privileges within the
> kernel itself," he said.

So why is it Redhat specific, then, Mr Todd? All distributions of Linux
run the same kernel source tree - albeit at different revision levels
maybe, but the same source tree.

> Mr Todd, a Slackware Linux user, responded that there was no definition
> of a standard Linux kernel and that he had not seen the problem occur on
> other versions of Linux.

{snort} That'd be right. A standard kernel is one compiled from one of the
stable release trees.

> He said he first found the flaw in 1997 when a server running Red Hat in
> the data centre hosted by his company AH Net was hacked. He said that
> Red Hat ignored his warning.

1997, huh? 2 and a half whole YEARS ago? That'd be what, RH 3? Maybe RH4?
And in all this time, with several hundred kernel hackers/programmers
running riot on the kernel tree, not ONE of them has found this "security
hole"? More importantly, nobody from 2600 has found it and exploited it?
No "script kiddies" have found it?

Put up or shut up, Adam. Let's see your proof. And no junk about it being
commercially valuable - if only you know about it, it's not commercially
valuable to anyone except you, because only you can exploit it.

DaZZa




--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to slug-request@nospam.slug.org.au with
unsubscribe in the text