Hole In Linux Kernel Provides Root Rights

oztiks writes with this excerpt from The H: "A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system. According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. ... Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole."

Serve them right

[Anonymous Coward]

That's why those of us in the know stick to 8-bit Linux kernal.

Patch

[Anonymous Coward]

For those who compile from source, here is the patch:

---kernel.c
+++kernel.c
@@ -1,1 +1,1 @@
- void goatse(long cx) {
+ void goatse(int cx) {

The change from long to int closes the massive hole.

Re:Serve them right

[Anonymous Coward]

Yes, LUNIX.

Re:Doesn't work

[93 Escort Wagon]

You are too stupid to live....

I guess for people like you, next time I need to add...

*** BEGIN JOKE ***

and

*** END JOKE ***

If that's still not enough - I can incorporate the blink tag and some colored fonts.

Re:Serve them right

[Anonymous Coward]

I thought that was because you were a pretentious wanker?

Error in title

[Anonymous Coward]

Root is a privilege, not a right.

Patch

[Frankie70]

You can get a patch here [microsoft.com].

Re:Doesn't work

[TheRaven64]

protip: If you need markup to indicate your joke, you might be using a different definition of 'joke' to your readers.

Re:Perhap the kernel's size is becoming too unweil

[Runaway1956]

No, Linux sucks, but it sucks a lot less than Windows. I mean, the "fix" is already out. My update reminder has been sitting in the taskbar ever since I woke up. Every time my mouse rolls over my autohidden taskbar, I get a flash of red to remind me about the kernel update. I've ignored it, because the exploits are simply not deployed. Unlike Windows, where there are thousands of exploits deployed, some of them sitting on servers waiting for the opportunity to do a "drive by" installation. When it is convenient for me to do so, I'll download the update, and apply it.

Re:Perhap the kernel's size is becoming too unweil

[Anonymous Coward]

The fix was out before the maintainers rolled it back, too. Whoops.

Re:Serve them right

[DiegoBravo]

Thank you Adobe! you saved my machine!

Re:Perhap the kernel's size is becoming too unweil

[wampus]

Not interesting enough. Rewriting something that already works is where it's at.

Re:Patch

[Anonymous Coward]

@Kjella once you see #goatse, that memory will never be lost or overwritten

Re:Serve them right

[jamesh]

And those even more in the know use a two-bit operating system like Windows :)

Re:exploited

[koreaman]

<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
<META content=FrontPage.Editor.Document name=ProgId>

Classy.

Re:Let's pretend Slashdotters are clueless

[ifiwereasculptor]

I believe (consider to be the truth) you're nitpicking.

Re:Serve them right

[grcumb]

1 bit operating systems are totally impossible to infect though.

That's true!

... Or false...

Re:exploited

[mr_mischief]

You should have included the next two as well:

A Windows-specific character set and a looping nonexistent background sound. Heh.

Re:In Soviet Russia!

[Anonymous Coward]

I'm sorry, but as a Linux guy, it's really hard to watch a Windows guy get a chuckle at somebody else given their chosen OS's inferiority and not have a chuckle about it myself.

As a BSD guy, it's really hard to watch a Linux guy get a chuckle at somebody else given their chosen OS's inferiority and not have a chuckle about it myself.