Be advised that linux kernels 2.6.17 to 2.6.24.1 are vulnerable to a local root exploit. At this time, it's recommended that servers be downgraded to a non vulnerable kernel until a patch is pushed out.

http://it.slashdot.org/article.pl?sid=08/0...57&from=rss
http://www.gossamer-threads.com/lists/linux/kernel/877192

If you're running a custom kernel, the patch below should work(may need to do it by hand.. this works on the source from Gentoo's Portage):

fs/splice.c | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6/fs/splice.c
===================================================================
--- linux-2.6.orig/fs/splice.c
+++ linux-2.6/fs/splice.c
@@ -1237,6 +1237,9 @@ static int get_iovec_page_array(const st
if (unlikely(!base))
break;

+ if (unlikely(!access_ok(VERIFY_READ, base, len)))
+ break;
+
/*
* Get this base offset and number of pages, then map
* in the user pages.

If you're running a pre-compiled kernel... I'd suggest moving back to something before 2.6.17 until your Distro releases a patched kernel.

(Be advised that The Planet does not officially support custom kernels.)