[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Update for 1.0.1 Installer

To: stimits@idcomm.com
Subject: Re: Security Update for 1.0.1 Installer
From: Steve Lord <lord@sgi.com>
Date: Fri, 03 Aug 2001 13:34:36 -0500
Cc: linux-xfs@oss.sgi.com
In-reply-to: Message from "D. Stimits" <stimits@idcomm.com> of "Fri, 03 Aug 2001 12:22:17 MDT." <3B6AEBD9.63F26EEE@idcomm.com>
Sender: owner-linux-xfs@oss.sgi.com

> Eric Sandeen wrote:
> > 
> > If you have installed, or plan to install, any systems using
> > the XFS 1.0.1 installer, please read the following message.
> > 
> > It was recently discovered that due to a bug* in the underlying
> > Linux kernel, the permissions of several system configuration
> > files created at install time are world-writeable, which poses
> > a security risk.
> > 
> > This bug is not XFS-related, and will exhibit itself on an
> > ext2-only install from the XFS 1.0.1 iso as well.
> 
> I think I may have seen this at one point on the kernel dev list (or
> something related), but can't recall exactly. I'm curious if the kernel
> people know about this yet, or maybe have already fixed it for later
> kernels?

I think it was fixed by around 2.4.7

 Steve


> 
> D. Stimits, stimits@idcomm.com
>

References:
- Re: Security Update for 1.0.1 Installer
  - From: "D. Stimits" <stimits@idcomm.com>

Prev by Date: Re: Security Update for 1.0.1 Installer
Next by Date: Re: Security Update for 1.0.1 Installer
Previous by thread: Re: Security Update for 1.0.1 Installer
Next by thread: Re: Security Update for 1.0.1 Installer
Index(es):
- Date
- Thread