Subject: Re: zlib and linux kernel
From: Arthur Corliss (arthur@corlissfamily.org)
Date: Sun Mar 17 2002 - 11:03:13 AKST
On Sat, 16 Mar 2002, David Edge wrote:
>
> Has anyone fiqured out yet what we should do about the zlib issue
> and the linux kernel? I know that several vendors are releasing
> 'patched' kernels for their distros, but I'm sure a lot of us roll our
> own kernel. I thought that upgrading the libraries and re-compiling
> would do the trick, but the more I read the more I doubt that will do
> it. And 2.4.19 has been around the corner for a long time now.
I'm not sure the kernel's usage of zlib is apart from the kernal image
compression, so I won't comment on that. On the application side, the only
ones you need to worry about are those that are either run under (or set suid
to run under) privileged accounts. For those that are dynamically linked,
replacing the shared libraries should do the trick. For those that are
statically linked, you need to recompile the application itself. Patching
everything on the system that links to zlib needs to happen eventually, but
the biggest threats are those that I just mentioned.
Anyone hear of any specific kernel vulnerabilities because of zlib?
--Arthur Corliss
Bolverk's Lair -- http://arthur.corlissfamily.org/
Digital Mages -- http://www.digitalmages.com/
"Live Free or Die, the Only Way to Live" -- NH State Motto
This archive was generated by hypermail 2a23 : Sun Mar 17 2002 - 10:55:39 AKST