On Tue, Dec 02, 2003 at 01:09:31AM -0800, Eric Cordian wrote:
> An interesting occurrence, because it demonstrates that massive numbers of open source participants auditing the code aren't sufficient to ferret out every giant coding blunder.

I don't know that I'd call it "auditing" exactly; to my knowledge, no audit as such has been undertaken with the kernel. That said, evidently, a pair of the "many eyes" did ferret this one out, about 9 weeks ago:
http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mmap.c@1.32?nav=cset@1.1148....

Unfortunately, he did not see it as critical enough to throw out security alerts and make a new release right then, so anyone with untrusted local users was completely unprotected. Including Debian, apparently.

Regards,
petard