Bug Security SuSE Linux IT

Root Privileges Through Linux Kernel Bug

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."
  • by Anonymous Coward on Thursday August 19, 2010 @05:49PM (#33307880)

    Indeed, 5 years old and no exploit. Patched several years ago by the distros. The question is why didn't it get back into the kernel tree.

  • by xiando ( 770382 ) on Thursday August 19, 2010 @06:22PM (#33308222) Homepage Journal

    Why not ask the kernel developers? Nah, I'm not just joking, don't ask those nutjobs anything, they'll just freak out and start yelling at you.

    I've seen many similar statements, so there may be some truth to this, but my experience is that they give you a short-as-possible only-most-relevant question such as "Can you bisect?" or reply like "Patch rejected: missing signoff". It appears their time is very valuable or they have to pay $5 per typed letter.

  • by Beelzebud ( 1361137 ) on Thursday August 19, 2010 @06:34PM (#33308364)
    If it's a non-story then why did Linus patch it today? Apparently he didn't agree with your flippant way of looking at OS security.
  • by jittles ( 1613415 ) on Thursday August 19, 2010 @08:24PM (#33309204)
    My guess would be an oversight at kernel.org. I submitted a kernel patch to the USB HID driver back in the days of 2.6.10 and 2.6.13. The driver was incorrectly suspending its state (I can't remember what it was doing off the top of my head) while it held onto a spinlock. The result was 100% CPU utilization when you called certain ioctls made available by the driver. The patch didn't make it in until 2.6.17 if I recall correctly, and not until someone with a name submitted a patch for it.
  • by smash ( 1351 ) on Friday August 20, 2010 @12:04AM (#33310404) Homepage Journal
    So, only 6 years late then? SuSE just went way up in my book.
  • Compare to Apple... (Score:3, Interesting)

    by Myria ( 562655 ) on Friday August 20, 2010 @01:36AM (#33310812)

    Compare this to Apple, which still hasn't fixed my Darwin kernel ring 0 exploit, which I reported in June.

    It's x86-only, so no, it can't be used for the second step of an iPhone jailbreak. =(

  • by LinuxIsGarbage ( 1658307 ) on Friday August 20, 2010 @07:25AM (#33312022)
    How great does the serial console work if the system won't boot?
  • by Anonymous Coward on Friday August 20, 2010 @12:35PM (#33315322)

    "...the correct procedure is to keep pestering the maintainer..." wow, THAT's a screwed up procedure. If I go through the effort of identifying a flaw and submitting a patch and the maintainer doesn't acknowledge my existence, the hell I'm going to keep pestering him...

    I mean THAT's the reality of it, it isn't that the maintainer just misplaced the e-mail. E-mails from Linus don't get accidentally misplaced. So why should e-mails reporting and fixing vulns get misplaced? It's BS and it's a little elitist club, and that needs to be fixed, rather than the submitter needing to dedicate his/her life to getting listened to by the members of the elitist club.
