[plug] Is Red hat truly flawed?

Christian christian at amnet.net.au
Tue May 2 12:56:09 WST 2000


On Tue, May 02, 2000 at 12:20:01PM +0800, Bret Busby wrote:
> 
> I have just found the following news item, at
> http://www.australianit.com.au/common/storyPage/0,3811,633573%255E442,00.html
> Does anyone know whether this is genuine, or, just a hoax?

Obviously the journalist believes it.  There are no details though and
no indication of the real nature of the problem.  I haven't been
following BUGTRAQ et al closely lately so I'm not sure if it has been
discussed on there or not.

> I understood that a single version of each release of the Linux kernel,
> existed, and that it had to be approved by Linus Torvalds, before it
> could be officially released. Am I wrong in my understanding?

Sort of.  There is one official release of the Linux kernel source code
approved by Linus but the binary images of the kernel distributed with
different distributions may be configured different ways with varying
support.  Additionally many patch the original kernel and distribute it
in that way.

I vaguely remember Adam Todd from a few years back where he was
proposing some harebrained DNS scheme... popular opinion at that time
was that he was not necessarily the brightest star in the sky.  Looking
at the article there seem to be a few odd things about what he's said.
For example "This allows me to gain the highest level of user privileges
within the kernel itself" is something of a contradiction in terms since
the kernel, by its very nature, is not part of userland.  Also when he
says that the flaw is "beyond the normal hacker" that sounds rather odd
-- even very sophisticated security flaws can be automated and exploited
by virtually anyone.  You'll rarely find someone who has genuine
security expertise making statements along the lines of "this is so
advanced and hard to understand that it's not really worth worrying too
much about".

Still, it will be interesting if/when details about this issue become
available.

Regards,

Christian.


