Author Topic: Big kernel hole  (Read 1560 times)

mobrien_12

« on: 8 January 2005, 08:23 »
Slashdot Article

Someone just found a serious root exploit in the Linux kernel, even the latest ones.  Basically, if you can log in and run a program, you can crack root.  

Hopefully the kernel team will fix it soon... but it didn't look like a simple error to me, and exploit proof of concept code is already out.
In brightest day, in darkest night, no evil shall escape my sight....

Orethrius

« Reply #1 on: 8 January 2005, 21:44 »
Did I ever mention this site is tech-comedy gold?

"Re:*sits back* (Score:5, Funny)
by darc (532156) on Friday January 07, @08:24PM (#11293496)
(Last Journal: Friday August 29, @06:09PM)

Yeah yeah, that's the responsible thing to say. But responsible stuff is sooooooooo boring. I mean, if we were all responsible people that wanted stability, we'd all be running kernel 2.2, Apache 1.1, many year old revisions of programs patched to all heck, never install any packages that aren't yet at least of legal age, and still tout ISA support as a bleeding edge feature.

Hmm. Wait, I think I just described Debian Stable.

*is hit by a gigantic potato from the debian crowd*

(Yes, I am aware that stable is called Woody, and the last version was called Potato. But if I said "is hit by a gigantic woody..." I'd probably get murdered. Oops.)"

Classic.     :D  

EDIT: Added URL livelinks.  :cool:

[ January 08, 2005: Message edited by: Midnight Candidate/BOB ]


Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

WMD

« Reply #2 on: 8 January 2005, 10:33 »
Now that you mention Slashdot being comedy gold...here's some more from that thread:

 
quote:
Re:*sits back* (Score:5, Funny)
by ackthpt (218170) * Alter Relationship on Friday January 07, @04:43PM (#11291506)
(http://www.dragonswest.com/ | Last Journal: Friday October 08, @01:07PM)
*awaits justifications and explanations of why this is nothing like Microsoft*

Because in this case Linus Torvalds is our new overlord, and I for one, welcome him.


And this from an earlier thread about Macexpo:
 
quote:
Re:Misleading Article (Score:4, Funny)
by northcat (827059) on Friday January 07, @12:56PM (#11289241)
(Last Journal: Thursday January 06, @11:15AM)
How can his post be rated informative when it isn't true?

You must be new here.
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

KernelPanic

« Reply #3 on: 8 January 2005, 15:26 »
Nasty, but judging from LKML there should be a fix in -ac over the weekend.

[ January 08, 2005: Message edited by: Tux ]

Contains scenes of mild peril.

Calum

« Reply #4 on: 8 January 2005, 22:11 »
and for us normal lusers, do you think this will trickle down into the apt repositories etc in a hurry? or should i recompile on my own, when the rectified code appears? (actually slack slapt-get 9.1 repositories)

[ January 08, 2005: Message edited by: Calum is NOT a moderator ]

visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

mobrien_12

« Reply #5 on: 9 January 2005, 10:08 »
quote:
Originally posted by Calum is NOT a moderator:
and for us normal lusers, do you think this will trickle down into the apt repositories etc in a hurry? or should i recompile on my own, when the rectified code appears? (actually slack slapt-get 9.1 repositories)

[ January 08, 2005: Message edited by: Calum is NOT a moderator ]



Calum, I think that the fixed kernels will get into the apt-get repositories in less than a week of new code being released.  

As far as whether to build from kernel.org ASAP or wait.... that's a question of risk management.  

If you have a multiuser box and you don't trust all your users (like in a University environment, for example), this hole is a freaking disaster and has to be fixed as fast as possible.

If you have remote login capabilities, such as sshd running, you still gotta worry about someone trying a brute force attack, or maybe getting a username and password from a keylogger on a compromised remote machine.  You can minimize the risk by limiting access with hosts.allow or iptables.  This is what I'm relying on right now.

However, I'm freaking paranoid so I'll probably go build it from source when it comes out at kernel.org
In brightest day, in darkest night, no evil shall escape my sight....
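
The access restriction mentioned in Reply #5 (hosts.allow or iptables), as an added example that is not part of any post in this thread: one trusted-source list turned into both a TCP wrappers allowlist and iptables rules for sshd. The addresses are constructed placeholders from documentation ranges, and sshd on port 22 is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: limit who can reach sshd, using one
# list of trusted sources for both TCP wrappers and iptables.
# TRUSTED holds constructed placeholder addresses; port 22 is assumed.
TRUSTED="192.0.2.0/24 198.51.100.17 203.0.113.64/28"

# Convert a prefix length (0-32) to a dotted netmask. Classic TCP wrappers
# takes net/mask pairs (n.n.n.n/m.m.m.m) rather than CIDR notation.
prefix_to_mask() {
    p=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255; p=$((p - 8))
        else
            octet=$((256 - (1 << (8 - p)))); p=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    printf '%s\n' "$mask"
}

# Lines for /etc/hosts.allow: one sshd entry per trusted source.
hosts_allow_lines() {
    for src in $TRUSTED; do
        case $src in
            */*) printf 'sshd: %s/%s\n' "${src%/*}" "$(prefix_to_mask "${src#*/}")" ;;
            *)   printf 'sshd: %s\n' "$src" ;;
        esac
    done
}

# Line for /etc/hosts.deny: sources not matched in hosts.allow are refused.
hosts_deny_lines() { printf 'sshd: ALL\n'; }

# iptables commands: accept SSH from the trusted sources, drop everything
# else. They are printed for review, not executed.
iptables_commands() {
    for src in $TRUSTED; do
        printf 'iptables -A INPUT -p tcp --dport 22 -s %s -j ACCEPT\n' "$src"
    done
    printf 'iptables -A INPUT -p tcp --dport 22 -j DROP\n'
}

echo "# /etc/hosts.allow";          hosts_allow_lines
echo "# /etc/hosts.deny";           hosts_deny_lines
echo "# run as root after review";  iptables_commands
```

The iptables rules are appended with -A, so they only help if no earlier INPUT rule already accepts port 22, and the hosts.allow entries only apply to an sshd built with TCP wrappers (libwrap) support.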

KernelPanic

« Reply #6 on: 11 January 2005, 01:45 »
By the way, we are fixed in the -ac tree for 2.4.28 and 2.6

I wouldn't expect to see the mainstream repos packaging the -ac tree Calum, but feel free to copy your config and make oldconfig
Linus will put a long term fix into 2.6.11, but who knows when that is out. If you are running multiuser I would say compile -ac6 and test it out, because even if there's a bug it will be better than having a compromised root!
Contains scenes of mild peril.

mobrien_12

« Reply #7 on: 11 January 2005, 08:19 »
I can't see any -ac patch for the 2.4 series kernel.
The changelog for 2.4.29-rc1 doesn't mention anything about fixing this hole.

I just tested the exploit code on my older 2.4.20 kernel and cracked root.  Oh fricken joy.

[ January 10, 2005: Message edited by: M. O'Brien ]

In brightest day, in darkest night, no evil shall escape my sight....

KernelPanic

« Reply #8 on: 11 January 2005, 18:21 »
I beg your pardon, I meant 2.4.29-rc1

<snip>
Marcelo Tosatti:
 o Changed VERSION to 2.4.29-rc1
 o Paul Starzetz: sys_uselib() race vulnerability  (CAN-2004-1235)
</snip>

[ January 11, 2005: Message edited by: Tux ]

Contains scenes of mild peril.

mobrien_12

« Reply #9 on: 21 January 2005, 08:09 »
Well, I just tested 2.4.29-rc3 (hand patched, hand compiled).  I haven't been able to crack root on it yet using the sample exploit code.
In brightest day, in darkest night, no evil shall escape my sight....