Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#14317 - Security hole in Kernel without CONFIG_STRICT_DEVMEM=y
Attached to Project:
Arch Linux
Opened by F.Di Milia (PyCoder) - Friday, 17 April 2009, 09:58 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 17 April 2009, 10:10 GMT
Opened by F.Di Milia (PyCoder) - Friday, 17 April 2009, 09:58 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 17 April 2009, 10:10 GMT
|
DetailsDescription:
Security hole in kernel without CONFIG_STRICT_DEVMEM=y. Anthony Lineberry has found a method to use a rootkit with /dev/mem. More informations: http://dtors.org/index/code-injection-via-dev-mem Please set CONFIG_STRICT_DEVMEM by default on, to fix this security hole. Steps to reproduce: Allaways |
This task depends upon
Closed by Pierre Schmitz (Pierre)
Friday, 17 April 2009, 10:10 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#14263
Friday, 17 April 2009, 10:10 GMT
Reason for closing: Duplicate
Additional comments about closing:
Comment by Pierre Schmitz (Pierre) -
Friday, 17 April 2009, 09:59 GMT
Sure, but you need to be root to do this, right? So this can only be used to hide that a system is compromised.