gentoo-sources-2.6.30-r3 contains a fix for a security flaw that also comes complete with some exploit code.
Apparently, it only affects 2.6.30 so if you gentoo-sources-2.6.30 please upgrade to r3.
I just committed it, so it should hit the mirrors soon after I post this.
Thanks to everyone who brought to my attention and thanks kerframil for the links below that provide additional information.
http://isc.sans.org/diary.html?storyid=6820
http://lists.immunitysec.com/pipermail/dailydave/2009-July/005810.html
http://www.youtube.com/watch?v=UdkpJ13e6Z0
I have compiled the new 30-r3 kernel a couple of times now, using the same config as I used in 30-r1, but no the kernel don’t execute, sure you didn’t add something that shouldn’t be in the kernel with your fix?
From
http://lwn.net/Articles/342268/
it seems that users of the vanilla sources are getting this error.
So you could try vanilla-sources-2.6.30.2 and try to reproduce your bug.
And in any case you should probably open a bug on Gentoo’s bugzilla.
Trizt, please file a bug if you’re having problems running a newer instance of gentoo-sources. Between -r1 and -r3, the most significant change is that the upstream 2.9.30.1 stable patch was added:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.1
It’s very uncommon for a 2.6.X.Y stable patch to introduce a regression but not impossible. In any case, bugs.gentoo.org is the place for this.
Oops, typo – I meant to say “upstream 2.6.30.1 stable patch” in the previous post.