Security flaws force Linux kernel upgrade

CNET News.com ^ | January 5, 2004 | Robert Lemos

[Bush2000]

Security flaws force Linux kernel upgrade
Last modified: January 5, 2004, 11:34 AM PST
By Robert Lemos
Staff Writer, CNET News.com

Open-source developers released a new version of the Linux kernel Monday in a move aimed at quickly fixing several bugs--among them two serious security flaws.

The 2.4.24 upgrade to the Linux kernel comes a month after the release of the previous version of the core system software and only includes patches for six software issues, including the two flaws.

The release is intended to prompt users to upgrade quickly, said Marcelo Tosatti, the maintainer of the 2.4 kernel series and a Linux developer for data center management company Cyclades.

"These security issues need to be fixed as soon as possible," Tosatti told CNET News.com in an interview Monday. As maintainer, Tosatti decides what changes can be made to the kernel and when to release new versions of the core system software for Linux.

The most serious flaw, which occurs in a function used by virtual memory, resembles a vulnerability fixed in late November that had been exploited by unknown attackers to control several key Linux servers open-source developers use. Both flaws allow an intruder to increase the privileges of a normal user account to the same level as the system's owner.

[Bush2000]

It's a dessert topping. No, a floor wax. No, wait! It's just crappy software!

[Support Free Republic]

[GeronL]

someday, someday you will see! when we are using laser computers with crystals as hard drives... we won't use any O/S.... oh....

[E=MC²]

What happens when MSFT releases its next version of Windows and "free" linux is automatically relegated to catch-up mode?

[Petronski]

It's a dessert topping. No, a floor wax. No, wait! It's just crappy software!

Microsoft isn't mentioned anywhere in your post--therefore you have made a horrible mistake.

[Petronski]

laser computers with crystals as hard drives

I'm sure Windows will need about 36 hours to format one of those.

[Bush2000]

Microsoft isn't mentioned anywhere in your post--therefore you have made a horrible mistake.

Don't quit yer day job, pal...

[GeronL]

Microsoft will probably be the ones selling the F'kerry things! =o)

[Petronski]

So, you really believe any criticism of Microsoft is worthy of abuse, but any criticism of Linux or Apple (or any other non-Microsoft product) is Truth.

You are about one step away from selling flowers outside the shopping mall on Sunday evening.

Stop drinking the Kool-aid, no company or software is perfect.

[Bush2000]

Stop drinking the Kool-aid, no company or software is perfect.

No kidding. If you've been paying attention, I've been saying that all along...

[non-anonymous]

Apparently you've never experienced the joy of compiling your own customized low-latency kernel... and having it work. :)

For the price of old parts lying around my house (Cost: $0.00) I built a rather nice multi-track audio recording studio (plus audio/video digital mixer) from scratch. It's not quite as good as studios I've recorded at, but it's not bad for not having spent tens of thousands of dollars. I also do development work on a graphics engine of my own design, which I can't do with any ease on Windows. It's nice to have the kernel source to work with.

Yup, "crappy".

[Bush2000]

Apparently you've never experienced the joy of compiling your own customized low-latency kernel... and having it work. :)

Yeah, I'm too busy earning a living, hanging out with my wife and friends, and playing with my kids. Go figure. I'd rather have a life than compile a crappy kernel. Silly me.

[Justa]

Ringing Trolling in the New Year?

[Bush2000]

Me? Troll?

[Myrddin]

Yeah, I'm too busy earning a living, hanging out with my wife and friends, and playing with my kids. Go figure. I'd rather have a life than compile a crappy kernel. Silly me.

I was making a good living writing device drivers for HP_UX and SunOS long before Linus began twiddling the first bits of Linux code. The last thing I wanted to do at home was spend all night fixing a "work in progress" public domain UN*X clone. Windows worked out of the box for writing documentation, spreadsheets and printing. All the stuff UN*X did poorly.

I run mixed environments today. Windows for end-user clients and .Net services. Linux for low cost Apache+MySQL based websites. The pending end of the "free" numbered RedHat releases will likely result in scrubbing my RH 8.0 system and making it a development system for my QNX 6.2.1 contracts.

BTW, thanks for the .Net Compact Framework pointer last year. The locomotive engineer interface that runs on Windows 2000/XP ported smoothly to run on the HP5555 using the .Net Compact Framework. This year's contracts include a new series of locomotive embedded systems based on embedded XP. The .Net based display will just drop-in and share the 802.11b network on the locomotive.

[Justa]

I think it's kind of funny you'd post an article about "Linux security flaws" when Windows XP SP2 is 220 MBs of security patches and won't be out for another 6 months. 3 years for SP2? You'd think a company with a 92% market share would consider security and timeliness to be higher priorities. Then again maybe not....

And it's being challenged by what, some pipsqueak, free software made by a bunch of volunteers?.

[Bush2000]

I think it's kind of funny you'd post an article about "Linux security flaws" when Windows XP SP2 is 220 MBs of security patches and won't be out for another 6 months.

Imagine, the nerve of those people: actually beta testing the code before releasing it...

[Bush2000]

BTW, thanks for the .Net Compact Framework pointer last year.

Glad to help. Sounds like a very interesting project.

[Rifleman]

Yawn....

Yah, sure Linux has lousy security. What OS are the thousands of spam relay zombies running? And I have had to remove exactly one root kit from a linux machine but I have removed viri and worms (not to mention various types of scumware/spyware/malware) from hundreds of Windows machines. And my experience runs from Yggdrasil Linux and the original, unusable Windows 1.0 to current versions.

No OS has perfect security, but Windows, though improving is a security disaster.

[Musket]

If this is the same issue that was posted yesterday then - as I understand it - it doesn't really affect desktop users - like myself.