Silly Linux Kernel Bug
petard
petard at freeshell.org
Tue Dec 2 06:59:13 PST 2003
On Tue, Dec 02, 2003 at 01:09:31AM -0800, Eric Cordian wrote:
> An interesting occurrence, because it demonstrates that massive numbers of
> open source participants auditing the code aren't sufficient to ferret out
> every giant coding blunder.
I don't know that I'd call it "auditing" exactly; to my knowledge, no
audit as such has been undertaken with the kernel. That said, evidently,
a pair of the "many eyes" did ferret this one out, about 9 weeks ago:
http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mmap.c@1.32?nav=cset@1.1148.2.2
Unfortunately, he did not see it as critical enough to throw out
security alerts and make a new release right then, so anyone with
untrusted local users was completely unprotected. Including Debian,
apparently.
Regards,
petard
More information about the cypherpunks-legacy
mailing list