On Wed Jul 23, 2003 at 04:46:09PM -0700, Bryan Whitehead wrote: > >Ok. Did a little playing here, using /var/lock/subsys/* as my > >determination > >point. > > > >kernel: everything world writeable > >kernel-secure: normal perms (most everything world readable except syslog > >IIRC) > >kernel-enterprise: normal perms > > Enterprise is broken also. Please see my previous post.
I did. And after looking and it and testing here (and getting secteam to do some quick testing) we came to the conclusion that kernel-secure and any fs *or* any kernel and XFS are ok... for the rest, bad news. > Also, it doesn't seem to be only reiserfs related. NFS has the problem > also when no reiserfs is on the system. > > XFS filesystems do not seem to have this problem. Yes. > As I said before, I can rekickstart some test machines with any combo of > filesystems to test. I'm willing to test new kernels. At this point, we're waiting. I had no hand in the kernel updates beyond testing and coordination. The kernel folks did all the work on it and I can't tell from the changelog where the problem may have been introduced, nor can I determine from the many and varied patches where it may have creeped in. We're waiting for Juan to wake up and take a gander at it. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature