nanog mailing list archives
RE: update
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Sat, 27 Sep 2014 22:57:53 -0600
This is another case where a change was made. If the change had not been made (implement the new kernel) then the vulnerability would not have been introduced. The more examples people think they find, the more it proves my proposition. Vulnerabilities can only be introduced or removed through change. If there is no change, then the vulnerability profile is fixed.
-----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Valdis.Kletnieks () vt edu Sent: Saturday, 27 September, 2014 22:47 To: Jay Ashworth Cc: NANOG Subject: Re: update On Sat, 27 Sep 2014 21:10:28 -0400, Jay Ashworth said:I haven't an example case, but it is theoretically possible.The sendmail setuid bug, where it failed to check the return code because it was *never* possible for setuid from root to non-root to fail... ... until the Linux kernel grew new features.
Current thread:
- Re: update, (continued)
- Re: update Jim Gettys (Sep 26)
- RE: update Keith Medcalf (Sep 26)
- Re: update Jay Ashworth (Sep 27)
- Re: update Jimmy Hess (Sep 27)
- RE: update Keith Medcalf (Sep 27)
- Re: update Kenneth Finnegan (Sep 28)
- RE: update Keith Medcalf (Sep 27)
- Re: update Valdis . Kletnieks (Sep 28)
- RE: update Keith Medcalf (Sep 27)
- Re: update Valdis . Kletnieks (Sep 27)
- RE: update Keith Medcalf (Sep 27)
- Re: update Jimmy Hess (Sep 28)
- RE: update Keith Medcalf (Sep 28)
- Re: update Jay Ashworth (Sep 28)
- Re: update Barry Shein (Sep 29)
- Re: update Valdis . Kletnieks (Sep 29)
- Re: update Jay Ashworth (Sep 28)
- Re: update William Herrin (Sep 27)
- RE: update Keith Medcalf (Sep 28)
- Re: update Valdis . Kletnieks (Sep 28)
- RE: update Keith Medcalf (Sep 28)