From: Frank Steiner [mailto:fsteiner-mail@bio.ifi.lmu.de]
Mike Tierney wrote
An immediate hotfix that requires no patching or updates is to disable core dumps.
As mentioned in http://www.isec.pl/vulnerabilities/isec-0023- coredump.txt (This is from the guy who discovered this problem - see http://secunia.com/advisories/15341 )
"A hotfix for this vulnerability is to disallow processes to drop core. This can be accomplished by setting the hard core size limit for users to 0 (e.g. ulimit -H -c 0, man limits.conf)."
But you can't do that in a running system. It won't affect running shells of normal users. So you need to reboot, and then you would need to reboot again to allow cores again. So it's easier to reboot only once with a patched kernel...
Well on Friday you did say "I just want a quick fix for now and don't mind to upgrade again after you've released the official update, possibly with more fixes." And given that there wasn't a SuSE patched kernel available, I gave you a "quick fix". The fact that it requires a small outage just means that it isn't the best solution for anyone running a 24x7 operation. However if a 10 minute outage decreases the chance you'll get hacked then you need to weight up the pro's and con's of doing this (or not). If you aren't in such a hurry then yes, wait for the official SuSE fix! :) This vulnerability is only a problem if someone actually gains local access to your system in the first place. Of course for all you know maybe someone has already hacked your application layer and is just waiting to use this new exploit to escalate themselves!