>Howcome I don't see a Debian security advisory about the recently-found >ptrace hole in Linux? > >Is it not really a hole? Or something? > >I think there should be an announcement even if the Debian kernels are >not vulnerable, to explain that they're not. > >Are the Debian kernels vulnerable to this hole?
At least the 2.4.19 is vulnerable. A quick patch is to put a invalid binary on /proc/sys/kernel/modprobe instead of the real modprobe binary, and then you have time to compile out your kernel without having to run... :) -- bisho! _ -=] 21/03/2003 [=- _ ^( ) _ ( ( ) ) \ \___,,, ( ) / _____ >- ( :: ) >==- '. |::| , >==- \\::// [ PACE, NOT WAR ]