On Thu, Apr 26, 2001 at 03:41:49PM +0200, Florian Weimer wrote:
> Johnny Cyberpunk * <[EMAIL PROTECTED]> writes:
> > The LSD Team has found this bug in the ARGUS System. Know since January
> > 2001, found by a NETBSD-Team and fixed very earlier than SUN has.
> > SUN fixed it primal on 17.04.2001 and ARGUS hasn't patched it.
>
> Has anybody looked at the LDT modification syscall in the Linux
> kernel?
I did, and wrote this in a private discussion a few days ago:
| I've checked the implementation of modify_ldt(2) on Linux 2.0 and 2.2
| after the NetBSD advisory was released (the next day, actually) and
| posted my comments to security-audit:
|
| http://marc.theaimsgroup.com/?l=linux-security-audit&m=98237041708897
|
| Basically, this instance of the vulnerability doesn't affect Linux and
| I'm not aware of another which would, but the code could be made safer.
|
| Of course, it would be nice if someone double-checks this.
Matt Chapman has independently reviewed the same code now (thanks!)
--
/sd
