Bug In Most Linuxes Can Give Untrusted Users Root 281
Red Midnight and other readers brought to our attention a bug in most deployed versions of Linux that could result in untrusted users getting root access. The bug was found by Brad Spengler last month. "The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution... doesn't properly implement that protection... The... bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. ... [Spengler] said many other Linux users are also vulnerable because they run older versions or are forced to turn off [mmap_min_addr] to run certain types of applications." The register reprints a dialog from the OpenBSD-misc mailing list in which Theo De Raadt says, "For the record, this particular problem was resolved in OpenBSD a while back, in 2008. We are not super proud of the solution, but it is what seems best faced with a stupid Intel architectural choice. However, it seems that everyone else is slowly coming around to the same solution."
Re:So? (Score:3, Funny)
Hah, this just shows how EFFICIENT Linux is. Until recently, Windows achieved their local privilege escalation vulnerability rollout by having almost every home user running as fully privileged administrator accounts all the time. Linux achieves all this through a small tweak to the kernel build system, thus getting this feature to 100% of Linux users without any manual intervention at all.
Re:Somebody fill me in.. (Score:4, Funny)
It's not Linus and Theo, it's Theo and everybody.
And yes, it's dueling egos. Theo is a very good coder, and OpenBSD is an amazing system, but Theo should stop talking to the public. It never helps. (Even when he's right, which he usually is when the discussion involves something technical.)
Re:sysctl vm.mmap_min_addr (Score:3, Funny)
But I use RedHat you insensitive clod!
Re:Bishop bashing bonobos (Score:5, Funny)
What's the deal with the masturbating monkeys? (Score:5, Funny)
I read Theo's comments and he's going on an on about Torvald's fixation with masturbating monkeys. Then some member of the openBSD crowd even offers a link to purchasing "your very own" **masturbating monkey** http://www.wellcoolstuff.com/Merchant2/graphics/00000001/20-Apr-07-05.jpg [wellcoolstuff.com]
Then I read Torvald's comment about the Linux exploit, with Torvald referring to the openBSD developers as being __like__ a "bunch of masturbating monkeys".
Ok, so is this like some kind of secret code used among OS kernel developers? Like saying "my shoe is blue but the cow is hungry" really means "Oh man, this code is leaking memory and crashing my system"? Or is this some kind of secret initiation thing, where in order to truly become a member of the OS development club, you have to first ... masturbate a monkey??!! Can somebody explain it, or maybe do some investigative reporting on this?
Re:Isn't this a dupe? (Score:1, Funny)
What? You mean I don't have to wait until patch tuesday? Outrageous!
Re:Patch (Score:2, Funny)
That fix is kind of a pain because you have to reboot Linux. I've found a much more logical fix here [microsoft.com].
So it's a windows bug (Score:5, Funny)
So it's a windows bug.
Re:Bishop bashing bonobos (Score:4, Funny)
Exactly, right before Nymphomaniac Nightingale
Re:Bishop bashing bonobos (Score:3, Funny)
"masturbating monkeys"
Is that the next Ubuntu release after Lucid Lynx? I can't wait!
Re:Patch (Score:4, Funny)
Re:Bishop bashing bonobos (Score:5, Funny)
...Orgasmic Orangutan...
Re:obvious troll is obvious. (Score:1, Funny)
Re:Isn't this a dupe? (Score:2, Funny)
Just type sysctl -w vm.mmap_min_addr=4096 in your box (or any other number > 0) and you are safe.
sysctl -w vm.mmap_min_addr=11
Now I'm safer than everyone else.
Re:Patch (Score:3, Funny)
That fix is kind of a pain because you have to use OS X. I've found a much more logical fix here [sun.com]