[rsbac] Bugfixing the kernel uselib vulnerability

Amon Ott ao at rsbac.org
Wed Jan 12 15:08:17 CET 2005

On Mittwoch 12 Januar 2005 11:29, Andrea Pasquinucci wrote:
> On Mon, Jan 10, 2005 at 05:01:52PM +0100, Amon Ott wrote:
> * The pre-patched RSBAC kernels do not contain third party fixes, it 
> * impossible to maintain all these patches here!
> I perfectly understand your point, but this creates sometimes a 
> for people like me. Little explanation, I do not have the time right 
> to try to patch the kernel (2.6.10 or 2.4.28) with the security 
> then try to patch it with rsbac and if succesfull try to compile and 
> succesful try it on a machine just to discover that it crashes 
> panic on boot). Obviously I did something wrong... But I do not have 
> time right now to do anything else, so I have to decide if to keep a
> buggy kernel with rsbac or to use a patched vendor kernel without 
> Today I decided for the vendor kernel and to wait until there will 
be a
> patched rsbac kernel (hopefully with 2.6.11).
> I suspect that there are many in my situation. So I have a 
> can we try to produce pre-patched RSBAC kernel with the main 
> fix ? If we are in at least a few in my situation is also silly that 
> of us do the same thing (try to apply the security fix) whereas by
> sharing the result we would help each other out.

One thing we could do is to have another subversion tree, which 
includes all RSBAC and third party security bugfixes, and which gets 
rolled into a complete kernel after every change.

We would really need people maintaining this tree and testing it, 

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : nicht verf?gbar
Dateityp    : application/pgp-signature
Dateigr??e  : 189 bytes
Beschreibung: nicht verf?gbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20050112/b01e1048/attachment.bin

More information about the rsbac mailing list