[ Thanks to Kevin
Reichard for this link. ]
“I don’t wish to sound too much like someone pontificating from
the mount, but there’s a serious problem in the Linux world that
every Linux user on the Internet must address.”
“To wit: last week the sendmail.org team discovered a serious
bug in the Linux kernel that existed in all kernels up to version
2.2.15. The flaw occurs via the setuid command, affecting programs
that drop setuid state and rely on losing saved setuid. In fact,
according to Linux kernel developer Alan Cox, it affected programs
that merely checked the setuid call.”
“…How the Linux community responded to this bug is
illustrative of how the Open Source model is superior to the
proprietary method of developing–or, rather,
protecting–software. The bug was discovered by Wojciech
Purczynski, who posted information about it to the influential
BugTraq Web site; it wasn’t discovered after someone’s important
Linux site was hacked via this method. Using this information, Alan
Cox patched the kernel and the sendmail team released a new
version. (In other words, the Linux community was proactive, rather
than reactive.) After the bug was verified, word was sent out via
the Linux online community; I suspect that most of you have already
seen something about this on Linux Today or Linux.com.”
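The privilege-dropping pattern the quoted article is concerned with, written defensively: check the return value of setuid(), verify the effect, and confirm that root cannot be regained. This is an added example in C, not code from the article or from sendmail; it assumes a Linux/glibc system and a setuid-root program dropping to the user who invoked it.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to target_uid/target_gid and verify that the kernel
 * really did it. Returns 0 on success, -1 with errno set otherwise. A
 * caller that gets -1 must exit: continuing as root is exactly the failure
 * mode that hit programs which ignored setuid()'s return value. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    if (target_uid == 0) {            /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    /* Supplementary groups can only be cleared while still privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1)
        return -1;
    /* Group before user: once the uid is gone, gids cannot be changed. */
    if (setgid(target_gid) == -1)
        return -1;
    /* Step 1: check the return value instead of assuming success. */
    if (setuid(target_uid) == -1)
        return -1;
    /* Step 2: verify the effect rather than trusting the call. */
    if (getuid() != target_uid || geteuid() != target_uid ||
        getgid() != target_gid || getegid() != target_gid) {
        errno = EPERM;
        return -1;
    }
    /* Step 3: the saved uid must be gone too, so regaining root must fail. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Demo: drop to the invoking (real) user, as a setuid-root helper would. */
int main(void)
{
    if (drop_privileges(getuid(), getgid()) == -1) {
        perror("privilege drop failed, aborting");
        return 1;
    }
    return 0;
}
```

Run as an unprivileged user the demo succeeds quietly; run as root it refuses, because dropping to uid 0 is not a drop.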