[rsbac] Bugfixing the kernel uselib vulnerability

[Amon Ott]

On Mittwoch 12 Januar 2005 11:29, Andrea Pasquinucci wrote:
> On Mon, Jan 10, 2005 at 05:01:52PM +0100, Amon Ott wrote:
> * The pre-patched RSBAC kernels do not contain third party fixes, it 
is 
> * impossible to maintain all these patches here!
> 
> I perfectly understand your point, but this creates sometimes a 
problem
> for people like me. Little explanation, I do not have the time right 
now
> to try to patch the kernel (2.6.10 or 2.4.28) with the security 
fixes,
> then try to patch it with rsbac and if succesfull try to compile and 
if
> succesful try it on a machine just to discover that it crashes 
(kernel
> panic on boot). Obviously I did something wrong... But I do not have 
the
> time right now to do anything else, so I have to decide if to keep a
> buggy kernel with rsbac or to use a patched vendor kernel without 
rsbac.
> Today I decided for the vendor kernel and to wait until there will 
be a
> patched rsbac kernel (hopefully with 2.6.11).
> 
> I suspect that there are many in my situation. So I have a 
suggestion,
> can we try to produce pre-patched RSBAC kernel with the main 
security
> fix ? If we are in at least a few in my situation is also silly that 
all
> of us do the same thing (try to apply the security fix) whereas by
> sharing the result we would help each other out.

One thing we could do is to have another subversion tree, which 
includes all RSBAC and third party security bugfixes, and which gets 
rolled into a complete kernel after every change.

We would really need people maintaining this tree and testing it, 
though.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: nicht verf?gbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20050112/b01e1048/attachment.bin