Re: notes for 2023 release

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: notes for 2023 release

From:	Sergey Bugaev
Subject:	Re: notes for 2023 release
Date:	Sat, 10 Jun 2023 19:06:35 +0300

Hello,

On Sat, Jun 10, 2023 at 12:47 PM Samuel Thibault
<samuel.thibault@gnu.org> wrote:
> Do you think about anything else to announce?

Not an announcement, but please consider backporting
346b6eab3c14ead0b716d53e2235464b822f48f2 "hurd: Run init_pids ()
before init_dtable ()" if it's not too late (or doing it after release
if it is too late). This was an important fix; currently ctty handling
is completely broken in Debian.

Maybe mention the 'setauth (19)' vulnerability getting fixed? (For
anyone who's not heard of this: yes, it was that easy to get root
access. This was the fifth major vulnerability that I reported.)

Sergey

[Prev in Thread]

Current Thread

[Next in Thread]

notes for 2023 release, Samuel Thibault, 2023/06/10
- Re: notes for 2023 release, Sergey Bugaev <=
  - Re: notes for 2023 release, Samuel Thibault, 2023/06/11
    - Re: notes for 2023 release, Sergey Bugaev, 2023/06/11
    - Re: notes for 2023 release, Samuel Thibault, 2023/06/11

Prev by Date: Re: 64bit startup
Next by Date: Re: [PATCH v3 2/2] Use O_IGNORE_CTTY where appropriate
Previous by thread: notes for 2023 release
Next by thread: Re: notes for 2023 release
Index(es):
- Date
- Thread