SECURITY: glibc local root exploit
gerard at linuxfromscratch.org
Mon Sep 4 06:09:29 PDT 2000
> > I don't have the time to take a closer look, but I think we should
> > take it seriously...
> As I'm reading BUGTRAQ (and am recommending this to everyone) day by day,
> i wouldn't take this too seriously.
> It's only a local problem and there wasn't seen any working exploit yet.
> There should be no problem if you can trust your local accounts. I wouldn't
> complain against using this fix, but I can see no actual need.
I just downloaded the file and I'll have a look at it later. Perhaps that
patch file needs to be patched as well since, at first glance, it appears to
have specific Debian entries (like paths).
If it's important or not: well it is a security bug. Even though no exploits
have been reported it doesn't hurt to prevent them if a proper patch has been
created. Might as well use it I think.
-*- If Linux doesn't have the solution, you have the wrong problem -*-
More information about the lfs-dev