• [^] # Les différences

    Posté par . En réponse à la dépêche DMCA, quand tu nous tiens. Évalué à 5.

    > Yes, that is exactly why i wouldn't deploy it in
    > any mission critical environment.

    --- linux-2.2.19/fs/exec.c Mon Mar 26 07:13:23 2001
    +++ linux/fs/exec.c Tue Oct 9 05:00:50 2001
    @@ -552,12 +645,11 @@
    }

    /*
    - * We mustn't allow tracing of suid binaries, unless
    - * the tracer has the capability to trace anything..
    + * We mustn't allow tracing of suid binaries, no matter what.
    + *** There's nothing wrong with allowing root to ptrace
    + *** a setuid-binary. Allowing a process to elevate it's
    + *** privileges while continuing to ptrace another, OTOH,
    + *** isn't really a bright idea. --rw
    */
    static inline int must_not_trace_exec(struct task_struct * p)
    {
    - return (p->flags & PF_PTRACED) && !cap_raised(p->p_pptr->cap_effective, CAP_SYS_PTRACE);
    + return (p->flags & PF_PTRACED);
    }

    /*

    But I suppose that your mission is that critical that you
    cannot be bothered with following bugtraq. That 'someone'
    stumbled over */../*/../* & friends again isn't really news
    either.

    Luckily, this would only DoS a Linux-based system and
    even the BSD libc, which had contained internal overflows
    leading to possible root compromises this way since ten
    years ago (whatever), has been fixed 'somewhen' around the
    first quarter of 2001.

    > If i don't like it i don't have to use it. That's exactly
    > my point. I won't be using it.

    WTF cares?

    > FreeBSD and Solaris don't have wacky political
    > agendas attached.

    Except yours, of course.