"Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores." We originally believed this issue did not affect 2.4 kernels, however this appears to be incorrect.
Created attachment 111370 [details] Proposed patch from Debian
Actually, Alan said "In the 2.4 case your controlling tty is private not thread group so a setsid() can't race because you can't setsid in the same thread as is opening current->tty."