MandrakeSoft issued an urgent message for all 9.1 users to back out of the 24mdk kernel update and downgrade to 18mdk or 13mdk. A problem exists in all kernels (except kernel-secure) where newly created files are created mode 0666 (world writeable) on any filesystem other than XFS, including remote NFS mounts. A corrected kernel is to be released soon. Update: The official announcement of 9.2-b1 is out.
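A quick way to check for the symptom described above and to find files it may have left exposed, as an added example that is not part of the original announcement. It assumes the bug shows up as the other-write bit on newly created files even under umask 022, and that `REF` is a marker file you create whose modification time matches when the affected kernel was first booted; the function names are illustrative.

```sh
#!/bin/sh
# Added example: audit for files left world-writable by the kernel bug above.
# Assumption: the symptom is visible as the "other write" bit (o+w) on new files.

# Create a probe file in DIR under umask 022 and report how it came out.
# Prints "ok" (returns 0) or "world-writable" (returns 1).
probe_create_mode() {
    probe="$1/.mode_probe.$$"
    ( umask 022; : > "$probe" ) || return 2
    hit=$(find "$probe" -perm -0002 2>/dev/null)
    rm -f "$probe"
    if [ -n "$hit" ]; then
        echo "world-writable"
        return 1
    fi
    echo "ok"
}

# List regular files under DIR that are world-writable and were modified
# after REF (a marker file whose mtime is when the affected kernel was booted).
# Note: -newer compares modification time, so review the list before fixing.
list_exposed_files() {
    find "$1" -type f -perm -0002 -newer "$2" -print
}

# Clear the other-write bit on every file reported by list_exposed_files.
fix_exposed_files() {
    list_exposed_files "$1" "$2" | while IFS= read -r f; do
        chmod o-w "$f"
    done
}

# Stand-alone use: sh audit.sh DIR REF
if [ "$#" -eq 2 ]; then
    probe_create_mode "$1"
    list_exposed_files "$1" "$2"
fi
```

Run it once per affected mount point, NFS mounts included, since the report says every filesystem other than XFS is affected.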
Anybody see anything new comparing to 9.1?
KDE 3.1.3… and I think a new kernel
Ranger has already posted a list of new features in Mandrake 9.2 on this site. Mostly you’ll find a more stable distribution, with a considerable number of improvements in just about all the packages. I.e., if you liked 9.1, you’ll like 9.2 even more.
This is an early Beta and a lot can change until the final release. Total newbies beware: this release, like any Beta, is not for you!
Experienced users are welcome to test and post bug reports, of course.
I haven’t used Mandrake since 7-point-something (’twas my first Linux distro!). It seems to have come along since then. I like the default theme they’ve got, it’s a bit similar to the one I use (light greys and fairly flat widgets).
I haven’t really been able to use Linux effectively since January. I made the mistake of building my new machine with an nForce2 motherboard and a Radeon 9700 Pro, a combination that to this day isn’t really usable (at this point mostly because my TV card won’t work when I’m using both my monitors).
Here’s hoping 9.2 will take away some of the hassles since Mandrake usually leads the pack in supporting newer hardware. XP is spoiling me.
Another major security hole out of the many thousands in all the Linux distros and it hardly gets a mention amongst the Linux zealots here.
If it was a MS security hole there would be 120 posts in here by now.
But then again let’s remember that everything was “invented” on Linux and it’s God’s gift to operating systems.
As one of the Linux zealots, I should point out that this is an early beta. This is not a for sale distribution yet. If the final release had a bad kernel I would expect Mandrake to be flamed, but not over a beta.
I think you’re mistaken. The bad kernel is for 9.1, so this is a serious mistake by MandrakeSoft.
while they are at it – i hope they fix another kernel bug that wasn’t fixed with their previous kernel update.
gdb does not work with XFS on mandrake 9.1 or the updated kernel.
that’s a pretty serious bug. shouldn’t have been picked up by people fixing application bugs using gdb… !
Sorry, the screenshots are still up but not available, it’s just free webspace and the traffic was maybe too much.
I have sent the screenshots to the OS-News Crew so they can put them on their space if they want.
that you didn’t link a Lycos page.
Yet another reason I have migrated away from 0$ to Windows 2003. I can sleep sound at night, knowing I don’t have to worry about crap like this.
Ha ha ha … you are being sarcastic… are you…
yes, it is bad… and bad for mandrake users… and that’s as far as it goes…
it is not as if it were an overall Linux problem… I guess mandrake tried hard at imitating windows…
and
…sleep sound at night, cry during the morning… CroanoN…
Mark,
As another Linux zealot speaking to a MS zealot. When there is a hole like this in Linux it gets fixed in 24-48 hours, if not sooner. With Micro$haft they try and sweep it under the rug, and play like nothing happens till they can figure out who broke what and who they can buy to fix it!
CroanoN,
You got to be kidding, W2k3 has already had security problems. You’re funny.
Check one thread down.
Microsoft to Tout Windows Server Sales; More Security Holes
And 11 down
Cracking Windows Passwords in Seconds
Sounds great to me. You M$ zealots have nothing to fear. Please.
Bugs in Windows appear with fearful frequency. And, you have no way of knowing if the bug exists until someone finds it. Ever wonder how often there is a bug that gets missed till some hax0r starts to exploit it?
With open source, people can look over the code and find the bugs themselves. Yes, both good and bad, but it gets fixed quicker because users might find it and send a fix into the people who make the program.
Should we take a look at the SSL bug that occurred with Konqueror and IE? Who got it fixed in a week, and who said it wasn’t anything to worry about?
Anyways, Linux users (in my experience) do not think that Linux invented everything. We’re not that naive.
Now, this bug does exist, and it will be fixed. But, I’d hate to tell you how many viruses exist for Windows simply because of the way programs are set up. At least Linux, by default has permissions! Windows XP, everyone is an administrator…one virus, buh bye system.
>>> Windows XP, everyone is an administrator
wrong. which drunk planet are you from? oh yeah, linuxland.
and just to shake another stick. i’ve used windows mightily since 95 and haven’t had a virus nor been hacked.
Give me your ip, I’ll have your system hacked in…what was that….13 seconds. ;p
>>and just to shake another stick. i’ve used windows mightily since 95 and haven’t had a virus nor been hacked.
What he forgot to mention was that he is not hooked up to a network…
Do you even have a virus scanner installed? (seriously..)
How could a bug like that creep into their kernels? It’s not in the original kernel source. Sounds like someone either modified their source tree or incorrectly applied a patch. In either case it has me very skeptical.
Something like this should not happen. Pay more attention next time. Regression tests and QA help a lot. Be professional!
>>Something like this should not happen. Pay more attention next time. Regression tests and QA help a lot. Be professional!
That’s why it’s called a bug. If their QA would have caught it, it would not be an issue… Shit happens, even to the big boys…
Gentlemen, there are probably tens of millions of windows users who have never been hacked or had a virus. For God’s sake, just USE COMMON SENSE. Don’t open all the attachments you get if they don’t seem familiar, don’t go to weird sites, install a firewall etc. Computing is like any other fact of life, play safe if you want to be safe.
That’s also valid for linux too.
Depending on your mail client or web browser, and their patch levels, opening them doesn’t matter. Most people that claim “I’ve never gotten a virus” don’t run virus software, and have no clue that they are really secretly sending virus ridden email to thousands of people.
“and just to shake another stick. i’ve used windows mightily since 95 and haven’t had a virus nor been hacked.”
You can’t prove that statement. If you’re hacked by someone who knows what they’re doing, you’ll never know it.
Security – no computer is secure. No operating system is secure. Understand that, patch when necessary and don’t trust anything to the security of a computer system.
I’ve never been hacked either, Windows, Linux, or BSD…the only viruses I’ve ever received have been properly handled by my virus scanner.
As Stefan pointed out…common sense goes a big way.
Plus, running Windows doesn’t guarantee you’ll be hacked.
I could set up an extremely secure Windows server box, and I could set up the most hackable Linux box in the world. It’s all in how you administrate your machine.
Linux really isn’t any more inherently secure than Windows, no matter what Slashdot told you or what you prefer to believe. Look on CERT sometime…most of those little buggies are for *nix, not Windows. For example, I’d have to say Sendmail is buggier than Exchange from a security standpoint, Apache and IIS are about equal in their current versions, and BIND…well whatever MS offers for DNS can’t possibly be as bad as BIND is…only run BIND on a separate OpenBSD server is all I have to say about that.
But I guess it’s just k00l and l337 to say “Winbloze is Insecure as a fat hairy teenage girl” right?
That’s true. But again, if you want to be robbed, don’t close the back door of your house. There are some basic safety measures that you need to take that should be part of basic computer education. If you play safe, you’ll probably be in the 99% of the users who never had a problem.
nt
http://australianit.news.com.au/articles/0,7204,6765533%5E15306…
😉
well, compadres i do run the norton av stuff, and i have a firewall installed.
yes if i were to give out my ip to god and everyone i’m sure someone would have fun at my expense. fact is, all you really have to do is play it smart. i dont bother with bullshit emails, i dont install crapware.
fyi, i also have an os x box (soon to be primary) and i have had a linux box for about 2 years until just recently. i have a pretty good grasp of how not to be a complete fool and that has gotten me by over the years.
just one thing…
>>You can’t prove that statement. If you’re hacked by someone who knows what they’re doing, you’ll never know it.
so what you are saying is that i could be hacked, never know it, and never feel any consequences. boy that would be a shame. to be able to use my computer as though nothing had happened and never know the difference. golly, this world is dangerous.
>>so what you are saying is that i could be hacked, never know it, and never feel any consequences. boy that would be a shame.
Ever hear of DOS attacks? You may not feel the consequences, but someone else may…
Everyone’s computer is insecure to some degree… It’s all software, and none of it is perfect…
I am always leery of vendor-modified kernels. The primary reason is that patches to vendor kernels do not go through the same process that patches to the vanilla kernel must go through. You don’t have Linus, his officers, or the LKML looking at many of the patches. That isn’t always bad–sometimes well-trusted patches take an inordinate amount of time to be accepted into the kernel (e.g. cryptoloop code in the 2.6 test series) and distros can include those patches for their users months before the vanilla kernel accepts them. But that also means you should know what patches have been applied to your favorite distro’s kernel.
If setting up a secure machine, paranoia is usually good. When being paranoid, either download the kernel.org kernel and apply the patches you want, or understand what patches your distro has applied for you.
https://rhn.redhat.com/errata/rh9-errata-security.html
> https://rhn.redhat.com/errata/rh9-errata-security.html
Forgot to mention Linux is my main OS and I’d have it no other way, just don’t assume because you’re not running M$ that your OS is bug free or secure.
The screenshots are down!!
(http://members.lycos.co.uk/norba/mdk9.2beta1/index.htm)
Sorry,
I did not realize that this was a problem with the kernel from the ‘stable’ 9.1. Luckily, I am not running the standard kernel on my MDK/GNU/Linux box (the kernel I use is optimized for multimedia) and it has not caused any trouble.
>>Ever hear of DOS attacks? You may not feel the consequences, but someone else may…
oh spare me. you “we’ve all been hacked or bugged” people drive me crazy. not everyone has been screwed. maybe its luck. maybe its something else. regardless, i stand by my “record” as i’m sure many others like me do.
“You may not feel the consequences,”
I agree with crazyjake on this. You ever heard of KNOWING what’s going on to your system. As root, you do have the power to know what’s going on. You better start learning.
And as a side note i am not an MS zealot. None of my windows machines ever face the internet. They all sit behind an OpenBSD box.
I prefer to use a properly audited operating system based on stable and mature code. Not one that has 40000 different kernel versions each with 20000 different patches all being modified daily by 50000 different people.
Hmm, it is interesting how mandrake gets a pass on their production kernel having a flaw, but Microsoft gets raked over the coals for every security bulletin.
Now, last time I ran my antivirus, on XP, it ran through something like 90,000 files, and those were just the ones that norton was trained to scan.
That’s pretty complex if you ask me. Shouldn’t Microsoft be given the same benefit of the doubt?
Oh, wait, that’s right, it’s closed source, so you can’t fix it yourself. But think for a minute: the fixes you all outline are the same that I would run on my XP-firewall, antivirus, complex passwords, etc.
Hmm, sounds like a revolution to me.
>>i stand by my “record” as i’m sure many others like me do.
You know what? You ‘my computer is great, so everyone else is wrong’ people really frost me. How dare you paint me with a broad stroke!
Just because you, me, and anyone else on OSNews have never been hacked doesn’t mean it’s not happening. I’ve been running the kernel version mentioned in this article, and I’ve never had a problem. Does that mean there’s not a problem? Yes, if you’re smart about your computer, and care enough to put up a firewall, you’re more than likely going to be all right. But how many car mechanics, farmers, clerks, lawyers, and doctors really care, or know, enough to download those things…
Go ahead, weenie. Stick your head in the sand, and maybe the world will pass you by…
All I really care about seeing in 9.2 (because there won’t be any new KDE, Gnome or 2.6 kernel) is a little bit of bug fixing and refinement on the galaxy theme. The upper left corner of all windows has the worst rounding job I’ve ever seen on a theme in the last two years. It looks like a retarded fourth grader did it with a pair of left-handed scissors in his mouth. It’s just kind of… straight up and diagonal. Good enough timmy!! Here’s a cookie.
Yet the right-hand corner is rounded perfectly.
LOL
No, I’m saying you could, for instance, be hacked and have all your data stolen and you’d never know about it. I’m not saying you HAVE – I’m just saying that you can’t *prove* that you haven’t.
cyberjackie: under Linux, yes (though a good rootkit can hide its traces quite thoroughly). Under Windows, harder.
I have used Windows since 3.1, and I have installed a lot of programs that have a high risk of containing viruses. I have also had an anti-virus program.
My machine has never been infected by a virus. And if it has, it has done nothing to reveal itself.
so…uh…what is your point, exactly?
if u have Mandrake 9.1 the latest kernel is now waiting for u to download it. rpm style.
have fun