One time there was a fix released, but that only meant that the fix was shown to all who would want to commit it.Originally Posted by FuturePilot
Fix Released =/= Fix Commited
Tall Cafè Ubuntu
One time there was a fix released, but that only meant that the fix was shown to all who would want to commit it.
Fix Released =/= Fix Commited
100% Pure Ubuntu
Don't you mean Fix Released != Fix Committed ? != (Not Equal)
Diaspora Handle: masternetra@diasp.org
Too much Ubuntu
Are you referring to bugs that are linked from upstream bug trackers in launchpad? If so, then yes sometimes those can be marked as fixed before it makes it into Ubuntu, but I see no such link in that bug report.
I think you're confusing some of the bug status. https://wiki.ubuntu.com/Bugs/Status
Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 1 X 1TB, 2 X 3TB HDD
Please don't request support via PM
Gee! These Aren't Roasted!
So... How do I keep wine working and not be vulnerable?
Tall Cafè Ubuntu
Remove Z: which is set to the whole file system /
If you do this however, you'll have to run all your wine apps in drive_c folder from now on.
Iced Almond Soy Ubuntu, No Foam
Not sure, but when I tried sysctl vm.mmap_min_addr on my Karmic system (with wine installed), it returned 0 which means it would be vulnerable. Whether or not it really is vulnerable is another question, because a default Ubuntu installation has no root account.
BTW, it looks like a diligent member of our community has reported it:
https://bugs.launchpad.net/ubuntu/+s...mu/+bug/401950
So with dosemu or wine installed, it could be (not necessarily is) vulnerable, but I'll leave that to be answered by a member of the security team or other appropriately educated persons.
Last edited by samjh; November 7th, 2009 at 12:39 AM.
Too much Ubuntu
Ubuntu does have a root account, it's disabled though. So yes it is possible to get a root shell through an exploit.
Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 1 X 1TB, 2 X 3TB HDD
Please don't request support via PM
5 Cups of Ubuntu
I uninstalled Wine, rebooted, and ran this code
cat /proc/sys/vm/mmap_min_addr
and still got a 0. Do I need to be concerned? I can't find how to take care of this problem anywhere, does anyone on here know how?
Thanks
Andy
100% Pure Ubuntu
Apparently yes for as long as it is zero. However there is a fix and you can still theoretically run Wine.
According to: http://www.itworld.com/security/8391...tant-linux-fix
All you have to do is sudo the command (sense just entering yields our favorite insufficient access reply):
however the 1024 can be any number up to 65535. This fix however is only good until you reboot. Though I suppose you could setup a script or something. How you would do a script for a limited account I have no clue.Code:sysctl -w vm.mmap_min_addr="1024"
Last edited by MasterNetra; November 9th, 2009 at 05:49 PM.
Diaspora Handle: masternetra@diasp.org
Grande Half-n-Half Cinnamon Ubuntu
FYI, I have dosbox installed and:
returns "vm.mmap_min_addr = 65536", on Karmic.Code:sysctl vm.mmap_min_addr
This is the first age that's paid much attention to the future, which is a little ironic since we may not have one.
-- Arthur C. Clarke
Adv Reply
Bookmarks