Distributors stamp on Linux bugs

Red Hat issues swift bug-fix but another appears

Popular Linux distributor Red Hat issued a bug fix Wednesday that will stop users from printing pages they have no access to. The bug was discovered just two days ago.

The speed with which Red Hat has produced the fix contradicts frequent accusations that it takes far longer to develop open source applications than conventional software.

The bug was located in the lpd and lpr programs of Red Hat distributions 4.X to 6.1. They involve bypassing permission checking while carrying out printing jobs. The swift fix of this problem represents not only a triumph for Red Hat but also for the many independent developers that contribute to developing the Linux operating system and Linux software.

It is not all sweetness and light in the open source community however. Security news group Bug Traq uncovered another exploit Wednesday -- affecting both Debian GNU/Linux and Red Hat Linux -- that can enable a user to bypass permissions and read restricted files.

It has emerged that an applet called "xmonisdn", which is built into the XWindows graphical interface of both these distributions and is designed to help users monitor ISDN use, can be manipulated to reveal the contents of restricted files.

Bug Traq contributor Ron Van Daal has developed a script to illustrate this exploit.

Follow-up story

Take me to the Linux Lounge .