Re: Security Update for 1.0.1 Installer

To:	stimits@xxxxxxxxxx
Subject:	Re: Security Update for 1.0.1 Installer
From:	Steve Lord <lord@xxxxxxx>
Date:	Fri, 03 Aug 2001 13:34:36 -0500
Cc:	linux-xfs@xxxxxxxxxxx
In-reply-to:	Message from "D. Stimits" <stimits@xxxxxxxxxx> of "Fri, 03 Aug 2001 12:22:17 MDT." <3B6AEBD9.63F26EEE@xxxxxxxxxx>
Sender:	owner-linux-xfs@xxxxxxxxxxx

> Eric Sandeen wrote:
> > 
> > If you have installed, or plan to install, any systems using
> > the XFS 1.0.1 installer, please read the following message.
> > 
> > It was recently discovered that due to a bug* in the underlying
> > Linux kernel, the permissions of several system configuration
> > files created at install time are world-writeable, which poses
> > a security risk.
> > 
> > This bug is not XFS-related, and will exhibit itself on an
> > ext2-only install from the XFS 1.0.1 iso as well.
> 
> I think I may have seen this at one point on the kernel dev list (or
> something related), but can't recall exactly. I'm curious if the kernel
> people know about this yet, or maybe have already fixed it for later
> kernels?

I think it was fixed by around 2.4.7

 Steve


> 
> D. Stimits, stimits@xxxxxxxxxx
>

<Prev in Thread]	Current Thread	[Next in Thread>
Security Update for 1.0.1 Installer, Eric Sandeen Re: Security Update for 1.0.1 Installer, D. Stimits Re: Security Update for 1.0.1 Installer, Steve Lord <= Re: Security Update for 1.0.1 Installer, Bernhard R. Erdmann Re: Security Update for 1.0.1 Installer, Eric Sandeen

Previous by Date:	Re: Security Update for 1.0.1 Installer, D. Stimits
Next by Date:	Re: Security Update for 1.0.1 Installer, Bernhard R. Erdmann
Previous by Thread:	Re: Security Update for 1.0.1 Installer, D. Stimits
Next by Thread:	Re: Security Update for 1.0.1 Installer, Bernhard R. Erdmann
Indexes:	[Date] [Thread] [Top] [All Lists]