Some Linux Distros Found Vulnerable By Default
This all comes down to default settings in a distro; what will be the least burdensome setting without compromising too much security. With Gentoo things are made a bit more secure. As an example users aren't automatically added to the wheel group, so I think this issue is in line with that. Additionally, I'm running gentoo-2.4.28-hardened-r4 kernel, is there a setting within the kernel that would prevent this? I see CONFIG_BSD_PROCESS_ACCT which I do not have set, but is that all that would be needed, or is /etc/security/limits.conf the proper place to set this? (just trying to figure out if my server is vuln w/o trying it and crashing my server first).
I for one am glad this is out now, instead of after an exploit is out using it! I'm checking my Linux and FreeBSD servers at home tonight.