Drake users read!!!

[jkrohn]

For those that are not on the security mailing list.

Quote:

This is an urgent message for all 9.1 users. Please back out of the 24mdk
kernel update and downgrade to 18mdk or 13mdk as soon as you are able. A
problem exists in all kernels (except kernel-secure) where newly created
files are created mode 0666 (world writeable) on any filesystem other than
XFS, including remote NFS mounts.

We are working hard to attempt to get this problem corrected with new
kernels available in the next 24-48hrs.

Thank you.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}

Jkrohn

[vass0922]

wow!
Now THAT is a security bug!

at least it didnt' change it 777
although may as well at that point cause that system is gonna get hosed!

Knew there had to be a reason other than laziness why I didn't upgrade from 18mdk.

[jkrohn]

Nothing will get hosed because of this. This is only quite a security risk, and anyone who is serving any kind of remote access should downgrade. Anyone else should be fine, as long as you don't have any net services going.

Jkrohn

[nukes]

What a hole!
That'll be embarrasing.
jkrohn: maybe nothing immediatley, but it opens the system up almost as much as windows does, by allowing every program or user to write anywhere on the drive. (not so bad on NTFS-based systems with permissions enabled and set up though)
vass0922: At least it didn't change it to 877 (SUID root) you mean

[Germ]

Quote:

Originally posted by nukes
vass0922: At least it didn't change it to 877 (SUID root) you mean

I'm pretty sure he meant 777. That makes it world-writeable.

[ArcticFox]

I guess every OS has it's bad days. This is probably the biggest security breach Linux has had yet, am I wrong?

[Germ]

Mandrake has posted kernel 0.25 which fixes the vulnerability.