[Leaplist] major bug found in Linux to give root access to untrusted users...
Bryan J Smith
b.j.smith at ieee.org
Thu Nov 5 13:46:48 EST 2009
Pretty much the only systems that seem to be affected are
those that have WINE installed and if the package reconfigures
the tunable when it is installed.
--
Bryan J Smith - mailto:b.j.smith at ieee.org
http://www.linkedin.com/in/bjsmith
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: Steve Litt <slitt at troubleshooters.com>
Date: Thu, 5 Nov 2009 13:17:21
To: This is the Leap Main List<leaplist at leap-cf.org>
Subject: Re: [Leaplist] major bug found in Linux to give root access to
untrusted users...
Whatever the reason, that's the default on my Ubuntu 9.04 32bit. I haven't
messed with it, and it's 65536.
SteveT
On Thursday 05 November 2009 12:36:16 Derek Konigsberg wrote:
> Maybe the new setting was chosen based on memory alignment / page-size
> issues...
>
> -Derek
>
> On Thu, 5 Nov 2009, Richard F. Ostrow Jr. wrote:
> > All I'm saying is (a) know the system, and what it means, and (b) have a
> > reason for setting it where you set it. 4096 is the default in recent
> > kernel sources from kernel.org, and as such I can see that as valid.
> > 65536, on the other hand, makes no sense to me whatsoever. It's either
> > zero or non-zero, and the lower the better.
> >
> > On Thu, November 5, 2009 12:17 pm, Edward Guldemond wrote:
> >> On Thu, Nov 5, 2009 at 9:23 AM, Richard F. Ostrow Jr. <rich at warfaresdl.com> wrote:
> >>> Yep - and if you take it high enough, you're also safe from using mmap
> >>> at all.
> >>
> >> Well, given that this is a memory address, if you set vm.mmap_min_addr
> >> to 4096, you've now set aside 4K of RAM. Set it to 65536, and you've
> >> set aside 64K of RAM. I think that's nothing to be concerned about.
> >>
> >> --
> >> Ed
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> _______________________________________________
> >> Leaplist mailing list
> >> Leaplist at leap-cf.org
> >> http://lists.leap-cf.org/mailman/listinfo/leaplist
> >
> > --
> > Life without passion is death in disguise
> >
> >
> > -----------------------------------------
> > This email was sent using SquirrelMail.
> > "Webmail for nuts!"
> > http://squirrelmail.org/
> >
> >
>
> ----------------------------
> Derek Konigsberg
> dkonigsberg at logicprobe.org
> ----------------------------
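
The thread turns on whether vm.mmap_min_addr is zero or non-zero and on packages that reconfigure the tunable at install time. The following is an added example, not code from any poster in the thread: it checks a live value and scans sysctl fragment directories for an assignment of zero. The fragment file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr, live value plus config fragments.

# The thread's rule: zero or non-zero. Zero leaves the lowest addresses mappable.
classify_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo invalid ;;
        *) if [ "$1" -eq 0 ]; then echo unprotected; else echo protected; fi ;;
    esac
}

# Print "<file>:<value>" for every *.conf in the given directories that assigns
# the tunable (sysctl accepts vm.mmap_min_addr and vm/mmap_min_addr).
scan_min_addr() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" |
                while read -r v; do printf '%s:%s\n' "$f" "$v"; done
        done
    done
}

# Fragments that would set the tunable to zero, e.g. dropped in by a package.
zero_fragments() {
    scan_min_addr "$@" | awk -F: '$NF + 0 == 0 { print }'
}

# $1 = file holding the live value, remaining args = fragment directories.
# Succeeds only if the live value is non-zero and no fragment assigns zero.
audit_min_addr() {
    live_file=$1; shift
    live=$(cat "$live_file" 2>/dev/null || true)
    state=$(classify_min_addr "$live")
    zeros=$(zero_fragments "$@")
    echo "live value: ${live:-unreadable} ($state)"
    if [ -n "$zeros" ]; then echo "fragments setting 0:"; echo "$zeros"; fi
    [ "$state" = protected ] && [ -z "$zeros" ]
}

# Constructed sample: a distro default plus a package fragment that zeroes it.
make_sample() {
    d=$(mktemp -d)
    printf '# distro default\nvm.mmap_min_addr = 65536\n' > "$d/10-default.conf"
    printf 'vm.mmap_min_addr=0\n' > "$d/30-example-package.conf"
    echo 65536 > "$d/live"
    echo "$d"
}

sample=$(make_sample)
audit_min_addr "$sample/live" "$sample" || echo "result: needs attention"
rm -rf "$sample"
```

On a real host the same function can be pointed at `/proc/sys/vm/mmap_min_addr` and `/etc/sysctl.d`; a fragment that assigns zero matters even when the live value is currently non-zero, because it can be applied again at the next boot or package reconfiguration.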