[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
- To: Florian Weimer <fw@deneb.enyo.de>
- Subject: Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
- From: Cedric Blancher <blancher@cartel-securite.fr>
- Date: Tue, 02 Dec 2003 08:37:54 +0100
Le lun 01/12/2003 à 23:58, Florian Weimer a écrit :
> Does this mean that the vendor-sec concept has failed, or that there is
> a leak on that list? Or is this just an issue which is very specific to
> Linux and its maintainer situation?
This just means that vendors are using network and systems just like any
other company and they're so exposed to the same risks. And sometimes,
they get compromised. I don't think this kind of issue is vendor
specific or Linux specific. MS and more recently Valve we're stolen code
after a compromission as an example, or OpenSSH trojaned code last year.
That points the necessity of checking packages signatures when
installing/updating packages, as shit sometimes happens.
I really like Debian complete transparency to people, using their distro
or not, following this intrusion and communication around analysis that
leads to this alert.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html