SECURITY: glibc local root exploit

Gerard Beekmans gerard at linuxfromscratch.org
Mon Sep 4 06:09:29 PDT 2000


> > I don't have the time to take a closer look, but I think we should
> > take it seriously...
>
> As I'm reading BUGTRAQ (and am recommending this to everyone) day by day,
> i wouldn't take this too seriously.
> It's only a local problem and there wasn't seen any working exploit yet.
> There should be no problem if you can trust your local accounts. I wouldn't
> complain against using this fix, but I can see no actual need.

I just downloaded the file and I'll have a look at it later. Perhaps that 
patch file needs to be patched as well since, at first glance, it appears to 
have specific Debian entries (like paths).

If it's important or not: well it is a security bug. Even though no exploits 
have been reported it doesn't hurt to prevent them if a proper patch has been 
created. Might as well use it I think.

-- 
Gerard Beekmans
www.linuxfromscratch.org

-*- If Linux doesn't have the solution, you have the wrong problem -*-





More information about the lfs-dev mailing list