Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability

["David Seaton" <david@xxxxxxxxxxx>]

On a curious note.
To my understanding, I can install RaQ4 or even RaQ 550 onto my RaQ3.
However the 550 requires a bios upgrade, which if done wrong can leave your
system permanently dead.
So my questions are. How risky is it to upgrade, i.e. can it be done with
relatively reliable or are my chances 50/50?
And here's a good question..
After the bios upgrade, can I still load the RaQ3 software back onto the
machine?

ok, one more question, what exactly does this bios upgrade do? what is it fixing
or changing?


----- Original Message -----
From: "Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, December 19, 2002 11:34 AM
Subject: RE: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem
mmap() vulnerability


Chuck wrote:
>> Sun cobalt has not approved the install of 2.4 on the RAQ 3 or 4,
>> and they will not for A LONG TIME :(<
> Pardon my ignorance, but why is this (ESPECIALLY if it addresses some
> serious concerns) ?

My understanding is that to upgrade to 2.4.x requires reflashing the BIOS of
the Raq, which can certainly be done, but has the risk of rendering the Raq
unbootable if it goes wrong.

So Sun won't "approve" 2.4.x because then they'd be approving you breaking
your Raq and you might expect them to fix it. So they probably never will
"approve" it, but they certainly won't stop you. It'll break the warranty
but so do most necessary upgrades.

Cheers
Stephen

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security