LinuxPlanet: Editor's Note: Action, not Reaction
Jun 12, 2000, 11:38
(Other stories by Kevin Reichard)
[ Thanks to Kevin Reichard for this link. ]
"I don't wish to sound too much like someone pontificating from the mount, but there's a serious problem in the Linux world that every Linux user on the Internet must address."
"To wit: last week the sendmail.org team discovered a serious bug in the Linux kernel that existed in all kernels up to version 2.2.15. The flaw occurs via the setuid command, affecting programs that drop setuid state and rely on losing saved setuid. In fact, according to Linux kernel developer Alan Cox, it affected programs that merely checked the setuid call."
"...How the Linux community responded to this bug is illustrative of how the Open Source model is superior to the proprietary method of developing--or, rather, protecting--software. The bug was discovered by Wojciech Purczynski, who posted information about it to the influential BugTraq Web site; it wasn't discovered after someone's important Linux site was hacked via this method. Using this information, Alan Cox patched the kernel and the sendmail team released a new version. (In other words, the Linux community was proactive, rather than reactive.) After the bug was verified, word was sent out via the Linux online community; I suspect that most of you have already seen something about this on Linux Today or Linux.com."