Linux Kernel Bugs

Armin Herbert writes: "According to this mail from Rafal Wojtczuk and a german article on Heise Online, there's a new severe bug in all Linux Kernels, from 2.2.0 up to 2.4.10, which allows users to become root on your system. Kernel 2.4.12 fixes this problem, and RedHat, Caldera and other distributors already supply patches for their Kernels. See Bugtraq for more information." Important notes for anyone running a multi-user system. Update: 10/19 16:12 GMT by J : If I'm reading Nergal's writeup correctly, 2.4.10 is still vulnerable to the local DoS, but not to the local root exploit. Separate issues. And as pheared points out, there is one unverified report of a custom 2.4.12 being vulnerable as well; please try the exploit on your system and let us know what you find. This is a big one, you can expect the kiddies have already added this to their rootkits. Update your systems now!

"Only" a local root exploit

[Baki]

Before screaming, please remember that this is only a local root exploit, that is you must already have logged in on the machine as non-root before using this exploit.

Most Unixes have had dozens of (sometimes known) local root exploits for years, and while most of them have been ironed out, some surely remain. They are much much harder to eradicate as exploits directed to network services (i.e. from the outside) are. Every once in a while one is discovered in most UNIXes (often obscure race conditions etc).

Till a few years ago the saying was that you should never give a local login to someone who you would not trust to be root, i.e. one could assume that sooner or later those that really try to become root shall succeed. Any mission critical servers should not have any user accounts for untrusted people; therefore, local root exploits have never been considered to be a big deal.

If you want to compare to Windows: up till Windows XP it wasn't even possible to be logged in as multiple users at the same time, so the equivalent of a local root exploit was not really possible. Still, Windows managed to have multitudes of the way more stupid and serious class of remote exploits. With the advent of Windows XP the concept Windows kind of becomes multi-user for the first time (though in a very crude way, since unlike UNIX/Linux each login session almost starts a new instance of larger parts of the operating system). While this new concept is 30 years old in UNIX, only now Windows (XP) starts having the possibility of local exploits. Surely many of them will exist and it will take decades to kind of iron them out.

Re:What is a Good Mailing List for this Info?

[teg]

Can someone recommend a good mailing list for linux issues? I am using mostly RedHat boxes, but they don't seem to have any free mailing list that I can find (perhaps they have one i don't know about).

Go to our mailing list server, and sign up for redhat-watch-list.

2.4.12-aa1, or even better 2.4.12-pre3aa1

[On+Lawn]

Hmmm, according to the LWN that you linked to, aa patches have the best performance.

For those that don't know aa stands for Andrea Archelangi who one of the very importent kernel hackers. It was a large part of his effort that stabalized the 2.2 VM. Although it is debated on which VM is better, over 90% of the benchmarks I've seen have pointed to AA being the better choice.

AC even mentioned that the AA-VM was the right way to go, just too wild of a change for a stable kernel series. There is too much conspiracy theory going on that AC is hijacking the kernel for RedHat, or that the RedHat crew has a not-invented-here phobia for not including the better VM.
Now on to a more editorial comment.

There seems to be quite a war on this right now, but I think it will settle down in about 6 months or so like the ReiserFS wars have. I also think that we'll see a new order established in the stabalizing of kernels.

I have no political say, but I expect that Linus will run a kernel that will be considered the "experimental, quicker evolving" kernel where things change violently. AC and others job will may to pull out pieces to salvage a semblance of stability, essentialy forking the stable branches from Linus's more exotic cutting edge kernel.

This seems to be how things run in any case when there is a developmental kernel, and they run pretty well. The question that may be asked is "Does Linus need to slow down his effort to stabalize at all?" Its arguably true that the answer is "yes", but only to a degree that suits his own needs for order in his life-long persuit of the sexy kernel.

Linus himself mentioned that AC does a better job of it, maybe its time to give him the whole forking-a-stable-kernel job.

Re:well... Duh...

[BMazurek]

You should not have world exec programs set suid, especialy on a system that you expect to be completely secure.

'Cause no local user ever needs to run passwd.

Or df.

Or ping.

Or xterm.

Or rlogin.

Or su.

Or top.

Or traceroute.

A completely secure machine is a painful thing to work on. Yes, it may be necessary in some circumstances. Banning world executable setuid programs is a securing technique, but it's not the blessed saviour you're making it out to be.

Parallels a situation many governments are facing right now: How much security do you implement to protect your population while still maintaining some semblance of freedom?

Re:Hardly.....

[tshak]

Name one exploit of late that was compromised (read: actual cases, not NTBUGTRAQ "COULD HAPPEN" reports) before M$ released a patch. Most all exploits occurred on unpatched machines when the PATCHES WHERE AVAILABLE well before the script kiddies got ahold of the exploit.

Now, don't get me wrong, some of these holes should be an embarassment to the respective development teams. Hopefully with XP and in the future Microsoft will step up on security issues from a software design level. However, from a response level, they are doing an incredible job.