19 Jan
2005
19 Jan
'05
10:37
On Mon, Jan 10, 2005 at 05:03:36PM +0100, Frank Steiner wrote:
Hi,
not meaning to spam you with quotes from heise ;-) But I'm not able to judge if the issues pointed out here http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.ht... are indeed serious or not. Some people on the lkml say they are not, others say they are. And I have no idea :-)
Are you working on fixes for the SuSE kernel or do you think the problems are not as severe as they sound when reading the heise news or the grsecurity advisory?
They are mostly vapour. The RLIMIT_MEMLOCK problem is the only actual problem. That there are some missing checks for copy_from_user is however a fact and the kernel itself will need to be closer audited. Ciao, Marcus