While browsing recent posts from the LKML I noticed one from Lee Revell (see this bug's URL field). Here's some more information: * http://lkml.org/lkml/2004/12/28/116 Lee's follow-up to his original post. * http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html A bugtraq post which details the flaw in more detail. * http://mithra.immunix.com/pipermail/linux-security-module/2004-December/5769.html A post on the linux-security-module list containing a patch that apparently fixes the flaw. Apparently, this is something that was discovered some time ago and a patch was prepared at that time; accordingly, the bugtraq report looks very similar to a report that was filed some time ago. The folks on the linux-security-module list didn't seem overly certain as to whether (a) the flaw was genuine (b) it came about as a result of the patch not making it in the first time. In any case, it's been corroborated at least once so I thought I'd pass this on.
Created attachment 47888 [details, diff] Patch
gentoo-dev-sources done
~x86 hardened-dev-sources-2.6.10 patched
Following externally maintained-sources need patching: hppa-sources -- Adding GMSoft... mips-sources -- Adding `Kumba... pegasos-sources -- Adding dholm... rsbac-sources -- Adding kang...
pegasos-sources fixed
Fixed in hppa-sources
fixed for rsbac-sources (2.6.10-r1) (sorry for the delay again; hard isp issues lately:/)
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
KISS shows this one is all fixed: http://kiss.gentoo.org/dev/viewBug.php?BugID=75963
All fixed, closing bug.
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=d3270a94d8da4d8eecfa54a397d530e36c8df134
