From: Marc-Christian Petersen <m.c.p@kernel.linux-systeme.com>
Organization: Linux-Systeme GmbH
To: linux-kernel@vger.kernel.org
Subject: Re: SATA support merge in 2.4.27
Date: Fri, 16 Apr 2004 14:39:15 +0200
User-Agent: KMail/1.6.1
Cc: John Bradford <john@grabjohn.com>, Arjan van de Ven <arjanv@redhat.com>,
       Andrew Morton <akpm@osdl.org>,
       Marcelo Tosatti <marcelo.tosatti@cyclades.com>
References: <Pine.LNX.4.10.10404160259480.22035-100000@master.linux-ide.org> <20040416102820.GD14796@devserv.devel.redhat.com> <200404161237.i3GCb9Jf000164@81-2-122-30.bradfords.org.uk>
In-Reply-To: <200404161237.i3GCb9Jf000164@81-2-122-30.bradfords.org.uk>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200404161439.15102@WOLK>
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1091
Lines: 25

On Friday 16 April 2004 14:37, John Bradford wrote:

Hi,

> > > A valid point, but last time I checked, there were known exploits that
> > > had been fixed in 2.4 but not in 2.6.
> > maybe you should check again and report what you find because I for sure
> > can't think of any.

> I honestly don't have the time to go through the archives at the moment,
> and having been busy, I could well have missed any fixes that have gone in
> during the last couple of releases, but I am 99% sure that Alan identified
> a couple of local root exploits around 2.6.0 that had been fixed in 2.4 but
> never applied to 2.6.

well, last time I checked that (some weeks ago), also reading must-fix.txt, 
all 2.4 security fixes are in 2.6 now too. IMHO we should update must-fix.txt 
so it does not tell there are 60-70 security vulns not fixed yet.

ciao, Marc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/