On Tue, 02 Dec 2003, Michael Stone wrote: > On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote: > >I want to chime in here also, I too was unhappy that I did not know > >about a local root exploit in 2.4.22 until the Debian machines were > >compromised in this manner. I think a lot of people were in the same > >boat (not to mention the debian folks). I watch kerneltrap, kernel > >traffic, and slashdot fairly regularly for these purposes, and I did > >not see anything of this sort come through, otherwise I would have > >patched immediately (which is what I did last night when I received > >the information). > > What do you want? It was a mistake. It happens. Deal with it. If people > had realized it was an exploit it would have been dealt with > differently.
I was lead to believe that it was a known exploit in the kernel, based on what you say above I may be wrong. If so, then I would definately change my tune. I dont expect people to announce security holes if they don't know about them. micah