Re: local root exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Johnny Hughes wrote:

kfx wrote:

R P Herrold wrote:

On Mon, 11 Feb 2008, kfx wrote:


The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or something. 

1. ask them

it was a question, not a troll (bis).


However, you are asking the wrong people ... we have no idea.
Also ... it *_IS_* trolling (or at least certainly silly) to post that Debain had the patch and RHEL doesn't ... so let's make RHEL be Debain. Fedora also has the patch released and RHEL doesn't ... I don't want RHEL to be Fedora either. 
hu ?
Well you are right, my question was a bit silly but this thread was closed (for me at least) yesterday with Mr Van Dolson's last intervention. Why do you come out now from nowhere like "hey troll spotted! you are silly" or what ? It's just that it is a hard time for rhel, the 1.6 NFS issue then this one. And now we are going to have to choice between being exploitable or a decent nfs support.
Maybe you are using the wrong distro ... I want stable kernels on my servers, so I'll take the extra day of testing. For people who do not want stable and tested software, switch distros.
And the "change distro" speech is quite puerile, you think we all have the choice ? or that we can switch dozen of servers like this ? I can imagine that this exploit is not dramatic for a lot of people. But in certain case, like in scholar environment, where we have a lot of untrusted user's accounts, something like this IS problematic. 

[...]
Rest assured that as soon as the upstream people have a patch, so will the CentOS team. 
And thank you for your work.
However, we are not going to rush a non tested patch out the door. There are patches listed on the upstream bug, if you (figurative ... meaning anyone who wants to not wait) really want to integrate that into your own kernels in the interim then please do. 
I did, for the record: http://people.redhat.com/dzickus/el5/
BEWARE that it will remove ALL the older kernels.

Regards,
kfx


Thanks,
Johnny Hughes

------------------------------------------------------------------------

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux