Eric Tully writes:
> I've heard that argument before (last time I heard it was a problem with
> a PGP implementation) and I never understand what people are trying to
> prove when they say it.
Let me simplify. I found it startling that a Redmond-level bug was in a
mature open-source project, t
At 1:09 AM -0800 12/2/03, Eric Cordian wrote:
>As reported today on Slashdot, in linux kernels prior to 2.4.23, it is
>possible to map the kernel into user space with brk(), since apparently no
>one ever bothered to check that the argument passed was in the lower 3 gig
>of the address space.
Rule
Eric Cordian wrote:
An interesting occurrence, because it demonstrates that massive numbers of
open source participants auditing the code aren't sufficient to ferret out
every giant coding blunder.
I've heard that argument before (last time I heard it was a problem with
a PGP implementation)
At 01:09 AM 12/2/03 -0800, Eric Cordian wrote:
>As reported today on Slashdot, in linux kernels prior to 2.4.23, it is
>possible to map the kernel into user space with brk(), since apparently
no
>one ever bothered to check that the argument passed was in the lower 3
gig
>of the address space.
Ques
On Tue, Dec 02, 2003 at 01:09:31AM -0800, Eric Cordian wrote:
> An interesting occurrence, because it demonstrates that massive numbers of
> open source participants auditing the code aren't sufficient to ferret out
> every giant coding blunder.
I don't know that I'd call it "auditing" exactly; to
As reported today on Slashdot, in linux kernels prior to 2.4.23, it is
possible to map the kernel into user space with brk(), since apparently no
one ever bothered to check that the argument passed was in the lower 3 gig
of the address space.
This is almost as funny as early linux kernels in which