A newly discovered security hole in Linux, published on an open source website, has raised questions about how Linux security issues should be handled. The vulnerability could allow malicious users to bring down Linux machines with just 24 lines of code, which are available from several open source websites and internet news groups. . . .
A newly discovered security hole in Linux, published on an open source website, has raised questions about how Linux security issues should be handled.

The vulnerability could allow malicious users to bring down Linux machines with just 24 lines of code, which are available from several open source websites and internet news groups.

The lines of C code, dubbed "evil.c", can crash several versions of the Linux kernel, including 2.4.2 and 2.6 variations, locking whole systems, said a bulletin by ¯yvind S¾ther of linuxreviews .org, one of the websites that has published the code.

The availability of the source code will focus attention on how open source security should be co-ordinated, according to Graham Taylor, principal analyst at Ovum.

"At the moment there is no central point of co-ordination for Linux security, which could lead to anarchic support," he said.

The link for this article located at computerweekly.com is no longer available.