![[LWN Logo]](/images/lcorner.png)
![[Timeline]](/images/Included.png)
|
|
|
|
From: Keith Owens <kaos@ocs.com.au> To: linux-kernel@vger.kernel.org Subject: Announce: modutils 2.3.20 is available Date: Thu, 16 Nov 2000 16:56:06 +1100 Due to the recent modutils 2.3 local root exploits, anybody using modutils 2.3 should upgrade to 2.3.20. That means everybody using 2.4 kernels. The security patch to modutils 2.3.19 only closed part of the exploit, this version should close all known exploits. modutils still supports meta expansion, including back quoted commands, but only for data read from the configuration file. This assumes that when modutils is run as root out of the kernel, normal users cannot specify their own configuration files. ftp://ftp.<country>.kernel.org/pub/linux/utils/kernel/modutils/v2.3 patch-modutils-2.3.20.bz2 Patch from modutils 2.3.19 to 2.3.20 modutils-2.3.20.tar.bz2 Source tarball, includes RPM spec file modutils-2.3.20-1.src.rpm As above, in SRPM format modutils-2.3.20-1.i386.rpm Compiled with egcs-2.91.66, glibc 2.1.2 modutils-2.3.20-1.sparc.rpm My first sparc rpm, handle with care. Changelog extract * Rewrite table generation code to make it easier to add new tables. * usbmap uses zero vendor as wildcard, test more fields to find end of table. Adam J. Richter. * Off by one error in relocations. Jean-Francois Moine. * Use tgt_long to handle different sizes in combined 32/64 bit systems. Original patch by Dave Miller. * Include module type in headers of generated files. Randy Dunlap. * Add insmod -S (force kallsyms), clean up insmod parameters, man page. * Clean up messages. * Verify MODULE_PARM strings. * Check for multiple well known symbols to get prefix. * Security cleanup. Triggered by Bugtraq exploits by Michal Zalewski, Sebastian Krahmer, Chris Evans. It is still the kernel's fault for passing user data unchanged to a program running as root. * Add missing s/390 arch_finalize_section_address. Roger Luethi. * depmod -F supports strange sparc __export_priv_. Dave Miller. * Sparc64 relocation patch. Redhat (not that they bothered to tell me). * Sparc64 compile and link fixes. Me, with thanks to Dave Miller for making a machine available. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/