[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

update

Subject: update
From: kmedcalf at dessus.com (Keith Medcalf)
Date: Sat, 27 Sep 2014 22:57:53 -0600
In-reply-to: <[email protected]>

This is another case where a change was made.

If the change had not been made (implement the new kernel) then the vulnerability would not have been introduced.

The more examples people think they find, the more it proves my proposition.  Vulnerabilities can only be introduced or removed through change.  If there is no change, then the vulnerability profile is fixed.

>-----Original Message-----
>From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of
>Valdis.Kletnieks at vt.edu
>Sent: Saturday, 27 September, 2014 22:47
>To: Jay Ashworth
>Cc: NANOG
>Subject: Re: update
>
>On Sat, 27 Sep 2014 21:10:28 -0400, Jay Ashworth said:
>
>> I haven't an example case, but it is theoretically possible.
>
>The sendmail setuid bug, where it failed to check the return code
>because it was *never* possible for setuid from root to non-root to
>fail...
>... until the Linux kernel grew new features.

Follow-Ups:
- update
  - From: mysidia at gmail.com (Jimmy Hess)
- update
  - From: jra at baylink.com (Jay Ashworth)

References:
- update
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

Prev by Date: update
Next by Date: update
Previous by thread: update
Next by thread: update
Index(es):
- Date
- Thread