Slashdot Mirror


2.2.16 Kernel Released - Fixes Security Hole

gavinroy writes: "According to an e-mail I received from the kind folks at Sendmail, Inc., the Linux Kernel versions 2.2.15 and below have a SUID security flaw. "This problem will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded." Sounds like a good reason to go 2.2.16 to me - grab it." The sendmail advisory is also online, as well.


  1. Re:HAHA by Bill+Currie · · Score: 2
    My 386 (yes, 386) linux box got cracked 2 weeks ago, but I believe it was through bind, not something in the kernel (when the cracker kills and removes bind, it kinda makes you wonder:). He also removed my portmap bin as well (but when I recovered the system, I removed the package entirely:). From what I can tell, the Linux kernel is pretty secure, but some of the apps (and this goes for all unix variants) leave a little to be desired.

    After I got over my initial outrage (and head->wall slamming), I was actually laughing. The guy was most definitely just a script kiddie (using lame scripts to boot). Though I don't really know how he got in, my logs were intact as were his shell history files, though the script did try to handle that, but bash keeps the current history in memory, thus rm .~/.bash_history doesn't work too well :). AFAICT, he only left some back doors (which I fixed), and this was after a pretty thorough check of my system (though I am definitely going to look into something like tripwire as not everything is in the rpm database).

    Linux isn't perfect, but I am much more willing to trust it than OpenBSD just due to the number of eyes looking over the source.

    --

    Bill - aka taniwha
    --
    Leave others their otherness. -- Aratak

  2. Re:I am not surprised.. by Bill+Currie · · Score: 2
    With something like this, testing takes minutes. "Does the saved uid/gid get set properly?" "No, oops, back to the editor", "Yes, cool, done". Bugs that are caused by a slight oversight are trivial to fix and test.

    Yes, I know that bugs that are caused by design issues take weeks or months to test (hence the long 2.3.x cycle), but this is not one of those.

    --

    Bill - aka taniwha
    --
    Leave others their otherness. -- Aratak

  3. Re:I am not surprised.. by Bill+Currie · · Score: 2
    And just what do you think a sysadmin is paid to do? Sit there and twiddle his thumbs? No, he's paid to follow those lists and apply the patches.

    For female sysadmins: s/male pronouns/female pronouns/ (don't blame me, English sucks:)

    --

    Bill - aka taniwha
    --
    Leave others their otherness. -- Aratak

  4. Re:Sendmail "workaround"...? by Phroggy · · Score: 2
    I got the impression that in order for the problem to occur on the old kernel (thus causing the new Sendmail to bomb), a local user has to be deliberately trying to exploit the bug in an attempt to get root. Under normal circumstances, it shouldn't happen, but if it does, something's wrong, and Sendmail will kill itself rather than hand root over to one of your users.

    --

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  5. Respect the mirrors please! by stab · · Score: 5

    Why does Slashdot link directly to the main kernel.org server, and circumvent the absolutely massive set of mirrors that they have set up around the world to save bandwidth and time for everyone?

    Go to http://www.kernel.org/mirrors/ and get the new kernel from there ...

    Hrm, a multiplexor like the CPAN one would be quite cool for kernel.org as well ...

  6. Dammit! It's not fair! by fuzzcat · · Score: 2

    I saw "kernel" and "released" and got my hopes up that 2.4 was finished. Damn the man and his female consort.

    --
    "The further I get from the things that I care about, the less I care about how much further away I get." -Robert Smith
    1. Re:Dammit! It's not fair! by HomerJ · · Score: 2

      That comment made me think of this question:

      Is it a good sign that a major update to my operating system is delayed because someone went on vacation?

  7. Re:Sendmail are helping by mazur · · Score: 2
    What's the proverb? "NO SECURITY WITHOUT OBSCURITY!". I thought that was what the "Open Source Security Model" was all about?

    As a matter of fact, you got that precisely backwards: the Open Source Movement (or I should rather say: the thinking internet community) maintains: Security through obscurity never works. Why is this, do you ask? Because security bugs, like all others, will be found, and what you do not want to happen is, that all the nasty crackers and script kiddies know about the bugs and you don't.

    True, this also means, that all the crackers and script kiddies will now know about this bug, but there is a fix. And if you don't want to have to spend time to fix it, fine, suit yourself, just don't come crying to daddy if someone hacks your machine to bits, because you were informed beforehand.

    Security through obscurity has never worked, see M$'s Windoze for case in point.

    Stefan.
    `I was all fired up to write a big rant, but instead found apathy to be a more worthwhile solution.' --- Ashley Penney

    --
    The truth shall make you fret. (Ankh-Morpork Times motto)
  8. Re:Sendmail are hardly helping by Penrif · · Score: 3

    Sendmail are hardly helping

    So it would have been better to just let the bug exist?
    I suppose that's the Microsoft security model. Let bugs we *know* about just go on until the next service pack and just hope that other people don't know about it. Bull. By the time that the powers that be (Microsoft in the Windows world) know about a bug in the wild, people who look to exploit these things know and probably use it. Hence, the faster it is fixed, the better, even if it's done in public, since the people who would use it for harm probably already know about it.

    A good example:

    Back in January or so, a bug was known in Microsoft's Internet Explorer software that would cause a very hard computer crash. (If you must know, it involves following a link to "c:\con\con" or "c:\nul\nul" or "c:\aux\aux") It was patched about a month ago (May, I believe). If this had been Linux, I could have personally fixed it, the fix is so very easy (the hackish way would be to disallow those specific strings mentioned, the more complete would be to restrict links to old DOS functionality)

  9. I am not surprised.. by MartinG · · Score: 4

    .. by the predictable responses from people here.

    Linux is not secure!

    Linux can't be trusted!

    Well stop shouting and think for a minute. Security is not a simple subject and there is no such thing as a totally secure system. All you have is more secure systems and less secure systems. IMO, these are the important questions:

    Q: Are security flaws like this easier to find in open source operating systems such as linux?
    A: yes!

    Q: Does this make linux more secure than closed source systems?
    A: No!

    Q: How many potential flaws exist in closed systems?
    A: Nobody knows.

    Q: How many more flaws will be found in linux?
    A: Nobody knows.

    Q: Is linux more secure or less secure than other systems?
    A: There is no clear answer. Weigh up the pros/cons of the security records of each OS you are considering, and the areas in which they have had security problems and decide for yourself.

    Please people, every time a flaw is found in Linux, people shout "Linux is not secure!" and when it's in NT, we hear "NT sux. Linux rules"
    and similar for other OS's. Stop it.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  10. Re:Security problems again?? by spinkham · · Score: 2

    If you want real stability and lack of problems, go for the last generation of kernel.
    For production boxes, 2.0.X boxes are probably a good idea..
    I read the release notes and kernel traffic and try to figure out when the new series has matured, and this time it was mostly done about 2.2.12, but still had some ide problems and this bug.
    Besides, you should ask a Solaris admin about the bugs that SUN patches months after they are widely known.

    --
    Blessed are the pessimists, for they have made backups.
  11. Versions affected? by Yarn · · Score: 4

    The advisory is unclear, just says versions before 2.2.16. Does this include 2.0.x? 1.2.x? even older versions?

    --
    -Yarn - Rio Karma: Excellent
    1. Re:Versions affected? by arivanov · · Score: 5

      No. Only late 2.1.x and 2.2.x that have CAP support. Dunno about 2.3.x and 2.4.x as for some reason I have not received lkm today ;-(

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
  12. Re:takes one to fucken know one by Black+Parrot · · Score: 2

    > but also an attorney's license

    I notice you didn't say anything about making the grade as a practicing attorney.

    Mucking foron.

    --

    --
    Sheesh, evil *and* a jerk. -- Jade
  13. What this bug really is... by spinkham · · Score: 5

    This bug is a part of the new capabilities functions.
    All that is happening is that under some circumstances, SUID programs that try to drop some of their privileges don't end up dropping them correctly, and remain SUID.
    This does not open up any more remote exploitable holes, but rather makes it give you root rather than your "nobody" user when you break a program like sendmail that uses this sort of security.
    Is this a bug? Yes. Is it remote exploitable? No.
    Not to mention, that as far as I know, quite a few other os's don't provide capabilities like this, so they are all as vulnerable as Linux is.. (However, I've never researched this and could be dead wrong, they could all have implemented this ages ago.. ;-)

    --
    Blessed are the pessimists, for they have made backups.
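
The failure mode quoted in the submission (a drop that "succeeded" without losing the saved setuid) is why a setuid-root program should verify the resulting IDs instead of trusting the return value of setuid(). The following is an added example, not code from Sendmail, the kernel or any commenter; the function names, the sample UID 1000 and the `uid_state` values are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for setgroups() under strict -std= modes */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Real, effective and saved user IDs of a process. */
struct uid_state { uid_t real, effective, saved; };

enum drop_verdict {
    DROP_OK = 0,          /* all three IDs equal the target */
    DROP_INCOMPLETE = 1,  /* real or effective ID is not the target */
    DROP_REGAINABLE = 2   /* real/effective look right, saved ID does not */
};

/* Rule applied to an unprivileged caller: setuid(uid) is permitted when
 * uid equals the real or the saved user ID. A leftover saved ID of 0
 * therefore lets the process switch back to root later. */
int unprivileged_setuid_allowed(struct uid_state s, uid_t uid)
{
    return uid == s.real || uid == s.saved;
}

/* Classify the state a process is in after it tried to become `target`. */
enum drop_verdict classify_drop(struct uid_state s, uid_t target)
{
    if (s.real != target || s.effective != target)
        return DROP_INCOMPLETE;
    if (s.saved != target)
        return DROP_REGAINABLE;
    return DROP_OK;
}

/* Drop to uid/gid for good and verify the result.
 * Returns 0 on a verified drop, -1 if a call failed, -2 if the IDs are not
 * what was requested, -3 if root (or gid 0) can still be regained. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Groups first, while the process still has the privilege to change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* A zero return value is not proof: check what the kernel actually did. */
    if (getuid() != uid || geteuid() != uid)
        return -2;
    if (getgid() != gid || getegid() != gid)
        return -2;

    /* Probe the saved IDs: after a real drop, going back must be refused. */
    if (uid != 0 && setuid(0) == 0)
        return -3;
    if (gid != 0 && setgid(0) == 0)
        return -3;
    return 0;
}

int main(void)
{
    /* In a setuid-root binary getuid()/getgid() are the invoking user's IDs. */
    int rc = drop_privileges_permanently(getuid(), getgid());
    if (rc != 0) {
        fprintf(stderr, "privilege drop not verified (%d), aborting\n", rc);
        return 1;                /* fail closed rather than keep running */
    }
    puts("privileges dropped and verified");
    return 0;
}
```
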
  14. Re:Dumb, dumb thing for sendmail to have done by Penrif · · Score: 2

    BluePoint Linux Software Corp. is someone I've never heard about, hence I can only speculate. But the speculation is that it's either a distribution maker or a company that writes software to run on the Linux operating system.

    Note that BluePoint Linux Software Corp. is no more the maker of Linux than VA Linux Systems or RedHat Linux. The point is that there is a qualification on the Linux, it's not the Linux. The Linux is not controlled by a company.

  15. Re:I just thought of something by be-fan · · Score: 2

    Actually, Windows works differently than Linux. The kernel is located in a special
    file (c:\io.sys) on your hard disk.
    >>>>>>
    Not in any Windows version is the kernel io.sys. It provides some DOS functionality, but the Windows kernel resides in kernel32.dll and kernel32.exe.

    All of the extra hardware functionality (USB,
    multimonitor, etc.) that you mention is tacked into the OS through a series of
    interesting things like normal and virtual device drivers.
    >>>
    All the buses are in the kernel. That's why decent USB support didn't appear until 98 and why NT4.0 never got Firewire support until MS patched it. The USB drivers required a lot of hacking to get past the kernel, and the Firewire drivers were impossible to write without the cooperation of the NT kernel. Multi monitor is also part of the kernel because that is under the control of the graphics system, which resides in the kernel.

    It's sort of like a
    microkernel, only these drivers are accessed through a GUI (Windows) running on
    top of the DOS 7 part and the kernel.
    >>>>
    Wrong again. Contrary to popular belief, Win95 does not run on top of DOS. It's mostly anti-Microsoft propaganda. True, Windows 95 has DOS embedded in it, but does not use it all that much when running Windows programs. If you run fully 32 bit programs, Win95 rarely switches into real mode DOS. WinME will finally take DOS out altogether, although it will still suck. I mean even Win3.1 only used DOS for the file system! Second, no Windows is really a microkernel. They want to tell you that NT is a microkernel, but in reality, it has most drivers embedded in the kernel, and one big Win32 system server. Hell, in Windows 2000, the hardware abstraction layer includes calls to DirectX! (Though there is nothing wrong with that. It might be academically incorrect, but if MS would just let the DirectX guys do NT, Linux would be in major trouble.) Win9x is even more monolithic. Everything from the graphics and some GUI functions to file systems run in the kernel.

    Unlike with a microkernel, the kernel never
    actually touches the device drivers and things that Windows runs. Windows even
    has its own virtual kernel that runs on top of the actual one!
    >>>
    You're confused. The Windows kernel has complete access to hardware drivers. It doesn't run on top of DOS, it uses some DOS code in the kernel. It's just like the Linux kernel in terms of closeness to hardware, but while Linux is completely 32 bit protected mode, Win9x has some sections that are real mode. Also, there is no virtual kernel. I think what confused you is that Win9x has a virtual machine that runs all Win16 programs, and many virtual machines to run DOS programs. All 32 bit programs run without a virtual machine.

    Some of the other things you mention (icons, IE) are actually in executable code in
    the GUI part of Windows and elsewhere, not through any interaction with anything
    resembling the kernel.
    >>>>>>>>>>>>>>
    True, icons are not in the kernel. Faux pas on my part. However, they are pretty close. All the routines to load icons and do graphics are in the kernel. Like I said, Win9x is SERIOUSLY monolithic.

    X-Windows isn't part of the Linux kernel, and IE isn't part of
    the Windows/DOS 7 one.
    >>>>>>>>>>
    Stop saying Windows/DOS 7. There is no DOS 7 kernel in Windows, the virtual machine that runs on top of the Win9x kernel reports itself as DOS 7. Win32 programs never actually use that virtual machine. The DOS heritage that Win9x has is not that it runs on top of it, but that it uses a good deal of DOS code.

    DirectX is weird. It is made up mostly of a large number of device drivers and
    some executable code, although there are more complicated things in there.
    >>>>>>
    DirectX is god. DirectX is mostly device drivers, that's true, that's what gives it the speed. Conceptually, DirectX is a set of COM objects that talk to the DirectX HAL/HEL. The hardware drivers make up the HAL (hardware abstraction layer) and emulators make up the HEL (hardware emulation layer). The other executable code is the stuff that orchestrates the whole thing.

    These security fixes mostly update DLLs and stuff NEVER the kernel. Again, most
    of Windows is actually executables and libraries. The kernel is quite small and
    doesn't do a whole lot except interpret for these executables.
    >>>>>
    Whoa, that's kind of wrong. Windows networking is implemented in the kernel on Win9x, and in kernel mode servers on NT. True, they might not be in the same executable, but they are for all purposes part of the kernel. Again, I don't think you quite have the right idea about Windows. In all versions of Windows, the kernel is quite large. (Again, in NT the kernel32.dll is not that big, but a lot of stuff runs that is loading into the kernel.)

    In short, the actual kernel has not changed much, other than moving it from two
    files (msdos.sys used to have part of it) into just io.sys.
    >>>>
    I'm assuming you're talking about Win9x here. The kernel is not io.sys or msdos.sys on any version of Windows. They are DOS modules loaded by the Win32 kernel to facilitate some operations.

    USB and other nice things
    never directly interact with the kernel, but work through executable code (win.com
    and associated dlls and other files) that runs on top of the kernel and accesses
    hardware.
    >>>>>
    Wrong again. USB and stuff does work through the kernel. DLLs may provide support for the actual device, but USB is a bus and busses in Win9x are supported by the kernel.

    Linux, on the other hand, integrates USB and such into the kernel, so it
    does not constantly crash because of the complex and unstable patchwork doing
    things DOS was never meant to do.
    >>>>>
    Your sentences make no sense. Integrating something into the kernel makes it less stable, not more. (Ever wonder why NT used to be really really stable in 3.x before they moved graphics into the kernel?) DOS has nothing to do with it. There is no code in the USB services that use DOS.

    You have a very well thought out response. The problem is that you are doing
    exactly what MS wants: seeing Windows as one big happy family rather than the
    confused mish mash it is. Dig a little deeper, and you'll discover why the model is
    insecure and why it crashes constantly.
    >>>>>
    You seem to be quite confused on what Windows is. I got all of my information from a BYTE article circa the launch of Win95 that detailed the architecture of Win95 (then Chicago.) (BTW. BYTE was THE nerds magazine. I've never since seen a mainstream mag that went into the kind of technical detail BYTE did. Read the one from 1993 about the new OSs that were coming out then. They talked about message passing and hardware abstraction layers like you had known about them forever!) True, Win9x is a mishmash, but the fact that it runs on top of DOS is just not true. Win3.1 did, but in Win95, everything was moved into a set of modules (such as USER32.exe and USER32.dll and GDI32.exe and GDI32.dll) which comprised the kernel. Some of those modules contained DOS code (at launch, GDI32.exe was largely 16bit Win3.1 code,) but that does not mean that Win9x runs on top of DOS.

    --
    A deep unwavering belief is a sure sign you're missing something...
  16. Re:I just thought of something by be-fan · · Score: 2

    The system may bootstrap using the DOS kernel, but the Windows kernel is certainly not a virtual kernel running on top of DOS. That was the case in versions prior to 3.1. Read the book about PCs by Peter Norton. It is quite helpful and describes certain things about the Windows kernel. In particular, it says that in Windows95, the functions previously handled by DOS were moved into modules within Windows95. Whether or not these modules contain DOS code is irrelevant. They are within Windows 95. If what you say is true, that Windows runs as a virtual kernel over DOS, then most tasks that require access to hardware would have to go through DOS. However, Win32 rarely, if ever, have to go into DOS mode. The only times that happens is when you have a funky program or driver that runs in real mode. What you're saying doesn't make sense from the way the Windows arch is done. The lowest level is the huge Windows kernel. Sure it loads stuff, but those are modules, and drivers (being modules as well) can be considered part of the kernel. Additionally, Win32 programs run on a system-wide virtual Win32 machine. Win16 programs run in a single Win16 virtual machine, and DOS programs run in multiple DOS virtual machines that load DOS before running the program. The major 16 bit DOS legacy that Windows has is mainly the legacy from Win 3.1. Major parts of some of the Windows kernel modules, like user, are 16 bit, which leads to instability.
    PS> Programs and modules loaded into the kernel count as part of the kernel.

    --
    A deep unwavering belief is a sure sign you're missing something...
  17. Fundamental Error by The+Man · · Score: 5
    Is it a good sign that a major update to my operating system is delayed because someone went on vacation?

    I'm sure you meant "Isn't it nice that Linus released a fix for his operating system right after getting back from vacation, and let me use it?"

    It's not your operating system. It's Linus's operating system. He just lets you use it. If you purchased an operating system from a commercial vendor, then your gripe is with that vendor - they are responsible for all bugs and security holes they ship, not the authors. The authors just provide software out of generosity, without warranty, express or implied.

    That people think anything else is the bad sign.

  18. %eax and %ax by josepha48 · · Score: 2
    Does 2.2.16 still have these compiler warnings? I did not start getting them until I compiled 2.2.15. I have tried 2.2.9 to 2.2.14 and all have been okay. Since I have no users on my system (except http when I tell people where my system is) then I really don't think I have to worry about the security issue here.

    Does anyone have the change log for this summed up yet? I know that normally I check at http://www.linux.org.uk and Alan Cox has his summary of changes, but that is not up yet.

    Well any hoo I just downloaded it, boy do I love fast connections.

    On another note I am not sure why people want to do so many OS comparisons. Here is my take on all the OSes that I have used.

    • Solaris for servers is expensive. They are giving it away for workstations for developers. I have version 7 and it is okay. Nice install. It is UNIX. It does not have a lot of hardware support though. I.E. it is not made for an end user who wants to just use a computer, and buy all that neato hardware. This is closed source and it is pretty good about security. They have good support if you pay for it, and they also will sell you the hardware to go with it.
    • FreeBSD and the BSD's. They suffer the same fate as Solaris. Although they are a little more friendlier to end users. They are both good for Servers (yahoo uses them and also Solaris AFAIK) and also pretty good for developer workstations. I think that they are okay for end users as they seem to support more hardware and software than Solaris. They support most stuff that runs on Linux see their ports section. OpenBSD has a very good security model and is great for firewalls, as are some of the rest of the BSD's. All in all it is a good base to start at. I am personally looking forward to MAC OS X on Intel next year, as I consider it a part of this family. It too uses a version of the Mach kernel as does the hurd and the BSD's.(AFAIK)
    • Windows anything. This is probably the best as far as ease of use and finding hardware for. Its security model is something to be desired, but I hear W2K is much improved in that department. I just wonder why more have not moved to it. Could it be the fact that Windows 95 burned so many of us with its BSOD, hangs and general buggy behavior that we all fear the OS like it was the plague? Me thinks so. I do Like NT 4.0. It is not that difficult to trouble shoot and works with most hardware and is actually fairly stable. That is if you do reboot your machine every day, like I do. In 6 mo I have had one crash at work. It has lots of apps as do the other windows versions and all in all it is not that bad. Contrary to the popular belief. However I do think that it is grossly overpriced. How about reducing the price to lets say less than $50? Does M$ really need to price it so high?
    • Linux is what I use at home. It is inexpensive, it is stable (for me at least). Much hardware is supported, and it is not that difficult to install and configure. I do wish for a few better apps. Like better web browser plugins. I want to have M$ required to port its media player to Linux as well as its browser. And to make it work good. Or for Netscape to finally stop adding features into version 6 and speed it up and clean it up.

    This is just my opinion take it or leave it.

    send flames > /dev/null

    --

    Only 'flamers' flame!

    1. Re:%eax and %ax by otis+wildflower · · Score: 2

      Solaris for servers is expensive.

      Misconception. Sun now only charges for Sol2.8 on servers running >= 8 CPUs. So your E2, E2x0, E4x0, your Netra T1 (with the sleek 1U shell and most excellent LOM console), and IIRC your Sparc10/Sparc20 can run a beer OS..

      Whether you'd want to run 2.8 now or hold off for a few patchlevels is up to you as an admin.

      Your Working Boy,

  19. Re:Dumb, dumb thing for sendmail to have done by Felinoid · · Score: 2

    There has been some FUD going around about how you can not sue Linux.
    It is true.... and FUD...

    Basically.. you can not sue Linux or anyone who develops Linux for a defect in Linux due to the GPL. The GPL contains a shrinkwrap license that says you can not sue for defects in Linux.

    Now here is the FUD part...
    You can not sue Microsoft either... Same reason...

    Most (if not all) developers have a shrinkwrap license that says you may not sue for software defects.
    Not Sendmail not RedHat, Not Microsoft and not Sun Microsystems.
    If a bug happens it's totally your problem.... no matter what you're using...

    In short... Real world... the lawyers have already resolved this problem...

    --
    I don't actually exist.
  20. Yeah, like /. ppl check the links by DebtAngel · · Score: 2

    I've been noticing people complaining about stuff like this. A lot. And I think I know the reason why it's always happening.

    The people reviewing and approving stories don't review the links. They just post the story. Verbatim.

    This is actually a good thing because if they started editing user submitted articles (the stuff in italics, all of it, in any way), they would be breaking their integrity, and a whole other segment of the /. community would be in an uproar. But, they are still responsible for these links. So what should they do?

    How about updates and addendums. There used to be witty comments after each user submitted article. They could say things like CT: Use the mirrors from this list to download the kernel and leave the poor main server alone. Taking a little time to make sure the mirrors are respected shouldn't hurt too much.

    --

    Is this post not nifty? Sluggy Freelance. Worshi

    1. Re:Yeah, like /. ppl check the links by Syberghost · · Score: 2

      This is why we need story moderation; if the poster gets dinged when they do this, and people who put "ftp.us.kernel.org" don't, then it'll stop happening.
      --

  21. Re:Security problems again?? by kuiken · · Score: 2

    I work at a company and I am in charge of 4 linux boxes (gateways and webservers)
    and the only mailing list I need to check is the SuSE Security Announcements list,
    if the bug is relevant to one of my systems download an RPM install it on the boxes I am done and done.
    takes me about 10 mins to upgrade 4 boxes and I don't even leave my desktop. It takes me longer to download SP6.
    So I can safely say unless your support team are a bunch of clueless monkeys you don't Need a massive support team.

    --

    42
  22. Re:Sendmail are hardly helping by Syberghost · · Score: 2

    What's the proverb? "NO SECURITY WITHOUT OBSCURITY!". I thought that was what the "Open Source Security Model" was all about?

    I believe the industry truism that you're looking for is "security through obscurity is not security at all", and means the exact opposite of what you've taken it to mean.

    Hint; OPEN Source. How do you get Open Source as being about security through obscurity? How could one hope to obscure anything for long with the source open?

    Answer; they can't. Open Source security relies upon the principle that not all the skilled coders who are looking at the code are nasty criminals looking to hurt somebody. Some of them are professionals like the Sendmail crew, who are interested in making systems more secure by eliminating the bugs.

    Unless you want to rewrite everything yourself, you get bugs fixed by publicizing them so that others will be compelled to fix them. Since one man can only put in one man-hour per hour, that's necessary.

    As for whomever told you "NO SECURITY WITHOUT OBSCURITY!", you should stop using them as a resource immediately, because they're 30 years behind the state of the art in OS security.

    --

  23. Re:Dumb, dumb thing for sendmail to have done by Microlith · · Score: 2

    Incidentally, all the others have the gall to charge you $100+ for something they won't stand behind.

  24. Re:Security problems again?? by PenguinX · · Score: 2

    Truth about Linux? WTF planet are you from? A new patch was released right after this was found. Much, much better than M$FT's solution - "Yeah, we know about that bug -- we plan on fixing it later sometime". Or "Yeah, we know about that -- it's a feature!" The turnover on this bugfix is what a day? Christ, if you expect people to be perfect all the time then why aren't you out making Operating Systems that work?

    I score such a superfluous comment as -10 - Stupid.

  25. Re:takes one to know one by Felinoid · · Score: 2

    This is in case anyone reading at mod -1 actually takes you seriously instead of seeing you for the outrageous liar that you are.

    Hello legal type person allow me to give you my own history....
    Age 15 started business ran same until age 23. Since then I ran for office (and lost)...
    In short I have a lot of experience in BS.

    Everyone lives within a community...
    It's just a part of being a part of society.

    Linux Weekly News - "For a lot of people who watch the Linux business community Bluepoint came, well, out of the blue. What is this company, and how did it manage to go public so quietly?"
    First note... even Bluepoint is part of a community. They are a new company. Moreover they are not a US firm but in fact in China. The objective of the company seems to be to introduce its version of Linux to Chinese businesses. That's just my point of view. This company could also be just another "Linux One".
    Bluepoint isn't the first company to have the name Linux. For example VA Linux Systems. Who own Andover.. who own Slashdot... And do not own Linux.
    At least you're living up to the lawyer stereotype. That's kinda sad too because most lawyers are honest people. You however seem to sling the BS better than any politician....

    Being a part of a community is no more illegal than breathing air.
    You're not stupid... you're simply full of it.
    In fact I am not telling you ANYTHING you don't already know...
    Excluding the fact that I also know...

    --
    I don't actually exist.
  26. Re:Dumb, dumb thing for sendmail to have done by Vlad_the_Inhaler · · Score: 2

    The guys responsible for this are the guys at Linux One (code LINX) - a very well known distribution operating out of Nevada.

    Be careful not to sue them though, they have some very high-powered lawyers (much more articulate than you) and would take *very* *unkindly* to someone damaging their IPO chances. So would the SEC.

    So keep yoah beautiful head down and don't bite off more than you can chew.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  27. It is a local root exploit. by rcgraves · · Score: 5

    I verified the exploit and upgraded all my end-user shell boxes before 2am.

    Sendmail did the right thing. Details of the vulnerability were already publicly available, but had been misreported as Sendmail bugs.

    The impact is that any local user (local shell access is required) can become root using techniques similar to those effective against pre-v8 versions of Sendmail. I've found two other vulnerable applications, surely there are more. If you can't figure it out given the information provided, good. Just upgrade your kernel.

    There is no remote exploit.

  28. Re:Stupid question -- public CVS kernel server? by Mullen · · Score: 2

    I would not throw too much praise to FreeBSD. Having the whole system on CVSup is cool, but I notice that someone broke "make world" in release not too long ago. Although, it was only broken for a couple of hours, there are advantages to not have your system rely on single place.
    /usr/ports is pretty damn cool. I wish Slackware would get something like this.

    --
    Linux O Muerte!
  29. Facts of Life by JezusPhreak · · Score: 2

    This is not any worse than many of the security holes found on other operating systems over the past several years. It is necessary, for an actually secure environment, to keep up with newsgroups for any operating system. In many ways, Linux' open source nature makes these types of bugs easier to find, and more likely to be fixed than covered up. Patch up your OS people....

  30. Stupid question -- public CVS kernel server? by nyet · · Score: 4

    I'm getting tired of running patches on top of patches (like the ide/udma patches)

    is there a public CVS server that has the kernel so i can do a cvs update (and thus also auto merge)?

  31. Re:Security problems again?? by Megane · · Score: 2

    "Yeah, we know about that bug -- we plan on fixing it later sometime".

    You forgot to mention the part about them putting the fix in a "service pack" along with brand new bugs. You can't pick and choose from MS's service packs, you have to take the whole thing. What's MS's record been with NT service packs? About 50 percent?

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  32. 'f' was not used for 's' by Pike · · Score: 3

    Actually, f was not used for s. A letter very like f was used for "nonfinal" lowercase s, but it was a separate letter. In print, it looked like an f without the crossbar; in cursive, like an f with the bottom loop done backwards. It was used for lowercase s when it was not the last letter in a word, much like the Greek sigma.

    If you have a facsimile of the Declaration of Independence, you can see numerous examples in T. Jefferson's interesting handwriting.

    -JD

  33. This will probably get modded down by Anonymous Coward · · Score: 2

    If Microsoft released a patch to WinNT saying, "there has been a security flaw in it from NT 4 SP 5 and all previous releases," the slashdot crowd would be all over it claiming that MS is a crappy company, and if Windows was open sourced this would never happen. However, if Linux does it, it comes from the "making things better" department....

  34. Re:Security problems again?? by PenguinX · · Score: 4

    Very true, but then again I don't deal with NT - so I don't know much about the security model in place (snort) during a bugfix. All I do know is that a few short months ago I logged into an NT system of mine and figured that it was not worth anything (logged in as guest) started up the ole' M$dog debug program and told the system to low level the harddrive. It did.

    Now that is (as Cartman would say) securitah.

  35. Actually.... by cthulhubob · · Score: 5

    Well written comment. I only have a couple of objections to some of your statements.

    > Q: Does this make linux more secure than closed source systems?
    > A: No!

    What it does do is give Linux the *potential* to be more secure (note the emphasis). Patches are released early and often, usually within hours of the security hole being found.

    > Q: Is linux more secure or less secure than other systems?
    > A: There is no clear answer. Weigh up the pros/cons of the security records of each OS you are considering, and the areas in
    > which they have had security problems and decide for yourself.

    A system's security can only be judged by comparing it with other systems. No system can be absolutely secure.

    So, let's compare it with Microsoft's security model (I know, easy target...). The hole with VBScript in Outlook has been well known for over a year (Melissa was the first widespread exploit). Yet it took until *last month* for MS to *announce* that they intended to release a patch for Outlook. They still have not actually released that patch.

    This does lead me to believe that Linux has a far greater potential than NT for having greater security.

    --

    In post-9/11 America, the CIA interrogates YOU!
  36. Re:Security problems again?? by C.Lee · · Score: 2

    >It sounds like yet another reason for businesses to not widely deploy
    >Linux, unless they can afford to keep a massive support team busy
    >following each and every mailing list and newsgroup.
    >Let's face it, the 15 year olds live for this. Do businesses want to
    >run code children are climbing around in breaking?
    >(score:-7 Truth about Linux)

    Crap. If you don't do things like this, what happens is exactly what we saw with ILOVEYOU. How long did you Microsoft assholes sit on your asses knowing the truth about the various Outlook/VBS problems and pretty much did (and haven't really) nothing about it until a hell of a lot of people got burned by your shitty software design? The world is changing loser. People are going to expect that problems with software connected to the internet to be fixed and fixed fast. They aren't going to be interested in hearing excuses from people like you anymore.

  37. Re:Dumb, dumb thing for sendmail to have done by Penrif · · Score: 2

    Okay, you really don't know how this is done, do you? "Linux" isn't an organization that has a bunch of IPO money and is responsible for the operating system called Linux. "Linux" is not a company (hence no stock ticker). "Linux" is just a kernel that a whole bunch of people have helped to create, including the people over at Sendmail. Suing "Linux" would be very, very difficult, since it's very difficult who/what to actually name in the suit. What is more likely the outcome you're looking for is a bit more complicated and actually involves a company. When a new kernel is released, no one's required to download it and use it. I should hope that most companies *don't*, simply because of the possibility of problems, they're better off sticking to a tried-and-true kernel version. What companies *should* do to upgrade is to upgrade their Linux distribution (RedHat, SuSE, etc...). Distributions (should) test the versions of software that they ship out. They use the tried-and-true versions of the kernel and other software. They're suable.

    So, in summary, "Linux" is not suable, "Linux" isn't even an organization. When the OS known as Linux is used by a distribution, they open themselves to possible law suits, and that's why they don't use the bleeding edge kernels.

    When will the code-heads join the real world, huh?

    The ones that do open source generally don't want to. The open source world is a great escape to the corporate/law/marketing world. So those distribution companies sort of form a buffer layer between us and the real world. They do the marketing; they have the lawyers.

  38. Re:Sendmail are hardly helping by panda · · Score: 2

    I must say, my partnership moved to Linux last week

    Moving to Linux isn't the sort of thing that you do in a week. Also, you work at a law firm, right? You aren't supposed to "get it." You're lawyers, and you're actually paid not to "get it." :-) The less you understand of the technological details, the better for your clients. They pay you to understand the law, not technology.

    Seriously, though the phrase is "There's no Security through Obscurity." It is generally thought in the Free Software community that having the source code open and available exposes the security holes to the prying eyes of many more developers, and therefore reduces the risk that such things will continue undetected for long. This one took longer to catch than some of the others. It's also more subtle and harder to exploit, as has been pointed out by others. Which is the opposite of what you're saying is the commonly held belief.

    BTW, "the BSD thing" is ready for release. Has been since at least 1978. In many ways the BSD kernels are superior to the Linux kernel. In some other ways Linux has BSD beat.

    You're a lawyer, so I expect you to see a lawsuit in every utterance. I wonder, though, if you're not just trolling here.

    --
    Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
  39. Re:I just thought of something by be-fan · · Score: 2

    You mean aside from USB, firewire, multimonitor, better plug & play, higher color icons, IE integration, improvement in memory management, harddrive organization optimizing, etc? By comparison, the changes from any release inside 2.2x is trivial. Plus, it did take many years to get from 2.0.x to 2.2.x so I don't think you can hold that over Microsoft. In addition, DirectX (a large component of Windows) was hugely overhauled in version 6 and 7 (near the release of Win98.) True, Win98 was not worth the extra 80 something bucks (I didn't buy it anyway. Actually, I've never bought a copy of Windows. Of course, I in no way encourage CD copying :) However, it was still much bigger than the changes between kernel versions. Also, take a look at Microsoft's website sometimes. They post patches to security leaks quite often (much more often than the month or so it takes for a new kernel.) Sure Windows is unsecure, but that's because the model is flawed, not the slow pace of updates.

    --
    A deep unwavering belief is a sure sign you're missing something...
  40. Re:Security problems again?? by Bill+Currie · · Score: 2

    Most modern bioses have password protection. Mind you, it may not be the most secure and access is often only a jumper pull away, but it's better than nothing (not that I use it).

    --

    Bill - aka taniwha
    --
    Leave others their otherness. -- Aratak

  41. how to test the bug by orabidoo · · Score: 5
    The way this bug works is that you first use a little program to start a shell with the CAP_SETUID capability removed from the inheritable set. From that point on, if you run a suid program, setuid() still behaves like it does for non-root users, i.e. it lets you get your old euid back. So the end result is that setuid root programs can't properly give up their privileges anymore.

    I wrote two little programs to test this; one to test whether giving up privileges works, the other to start a shell with the CAP_SETUID capability removed. To check the bug on your system do:

    $ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/blep.c
    $ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/suidcap.c

    $ gcc -o blep blep.c
    $ gcc -o suidcap suidcap.c
    $ su
    Password:
    # chown root.root blep
    # chmod 4755 blep
    # exit
    $ ./blep
    BEFORE: [your-uid] 0
    GAVE UP: [your-uid] [your-uid]
    GOT BACK: [your-uid] [your-uid]
    (this is the expected result)
    $ ./suidcap
    launching shell...
    sh-2.03$ ./blep
    BEFORE: [your-uid] 0
    GAVE UP: [your-uid] [your-uid]
    GOT BACK: [your-uid] 0
    PROBLEM!!

    If you don't see the 'PROBLEM!!' part, then you don't have a problem.
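
Added example, not part of the comment above and not the code of blep.c or of Sendmail: a privilege drop for a setuid program that fails closed on the behaviour described here, by checking not only that setuid() returned success but also that the old effective IDs cannot be restored (the "GOT BACK" step). The function name and the choice to treat any unverifiable drop as fatal are this example's assumptions.

```c
#define _DEFAULT_SOURCE            /* setgroups(), seteuid() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 only if the process now runs as uid/gid
 * AND the previous effective IDs cannot be restored. On -1 the caller must
 * exit at once: the process may still hold (or have regained) privilege. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Supplementary groups first; only a root process that is really
     * changing identity can (and must) reset them. */
    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the gid can no longer be changed. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* A successful return value is not enough; check what we ended up as. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;

    /* The "GOT BACK" check: a surviving saved ID would let these succeed. */
    if (old_euid != uid && (seteuid(old_euid) == 0 || geteuid() == old_euid))
        return -1;
    if (old_egid != gid && (setegid(old_egid) == 0 || getegid() == old_egid))
        return -1;
    return 0;
}

int main(void)
{
    printf("BEFORE: %d %d\n", (int)getuid(), (int)geteuid());
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop could not be verified, aborting\n");
        return 1;
    }
    printf("DROPPED: %d %d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```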

  42. Mixed security model + comments by tilly · · Score: 5

    First of all I would like to point out that the underlying cause of this is that Linux is moving towards having two security models. One is the traditional, "Root is GOD but can setuid" model and the other is "POSIX capabilities". This is a situation where an operation that should have worked under the old was, due to an oversight, insecure on the new. This may not be the last thinko of this sort. OTOH POSIX capabilities are an improvement on the old model so this is good in the long run.

    Now why am I saying POSIX capabilities? Well here is a FAQ that goes into what is in the kernel. The traditional definition of capabilities are used by, for instance, EROS. This is incredibly secure. So when the POSIX standard was being developed for improving security by borrowing VMS' "privileges" they deliberately called them "capabilities" to introduce confusion and make people think they were better than they are. (Not that they are not an improvement on the old...)

    Now the good sendmail folks have at this point every reason to believe that this particular thinko is likely not limited to Linux. Hence their check which they would hope will catch other current examples, and future ones if other people mess up. If they didn't do something like this then their (already pretty bad) reputation for security would get worse as they are an obvious target for taking advantage of setuid bugs.

    Cheers,
    Ben

    --
    My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht