Slashdot Mirror


Local Root Hole in Linux Kernels

xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."

18 of 495 comments

  1. How is Microsoft responsible? by jmulvey · · Score: 5, Funny

    With all the brainpower on /. I'm sure we can discover a way.

    1. Re:How is Microsoft responsible? by lavalyn · · Score: 5, Funny

      Microsoft would have a monopoly on privilege escalation exploits if not for Linux.

      --
      Doing the Right Thing should not be preempted by making a buck.
    2. Re:How is Microsoft responsible? by kfg · · Score: 5, Funny

      I think the late George Mallory put it rather succinctly:

      "Because they're there."

      On the other hand, in the words of Voltaire:

      "If Microsoft didn't exist it would be necessary to invent them."

      However, regarding the current kernel situation I think my deeply missed old granny put it best:

      "Oh fuck."

      KFG

    3. Re:How is Microsoft responsible? by kasperd · · Score: 4, Funny

      Microsoft would have a monopoly on privilege escalation exploits

      No, Microsoft has a bulletproof way to prevent privilege escalations. They simply make sure the attacker gets all privileges at once, then there is nothing to escalate.

      --

      Do you care about the security of your wireless mouse?
  2. Got Root? by FAngel · · Score: 5, Funny

    Got Root?

    1. Re:Got Root? by Anonymous Cow herd · · Score: 5, Funny

      I do now >:)

      --
      Ita erat quando hic adveni.
    2. Re:Got Root? by cyb97 · · Score: 3, Funny

      Just give me a minute ;-)

    3. Re:Got Root? by wirelessbuzzers · · Score: 5, Funny

      I do now >:)

      I believe you mean "#:)"

      --
      I hereby place the above post in the public domain.
  3. It's Tuesday by Anonymous Coward · · Score: 5, Funny

    Journal Entries:

    (looks at watch) it's Monday again... time to go patch my IIS

    (looks at watch) it's Tuesday again... time to go patch linux.

    1. Re:It's Tuesday by charon_on_acheron · · Score: 3, Funny

      Four day week, huh? Must be nice. :^P

  4. Love the headline by L. VeGas · · Score: 3, Funny

    Lo-Cal Root Hole in Linux Kernels

    I think I saw this in an advertisement for granola.

    mmmm... breakfasty

  5. Hole Found in Linux Server by ch-chuck · · Score: 5, Funny

    (Server Room, DP) A hole was found in 'cypress', one of the principal Linux file, email and web servers of Brapco Corp early today. "We were dusting out around the back", said Mike Koyro, IT manager of Brapco, "and there it was, right by the power supply." The hole was quickly verified by other members of the IT dept as "really there". Speculation that it may be a screw hole was quickly dispelled when Frank, chief scripting officer, pointed out it didn't have any threads, and no screws were found loose anywhere nearby. "If someone got in here and drilled it during the night, they sure did a clean job - there's no shavings on the floor and the hole has no burrs" observed Mike. "It was either a professional job, with a sharp bit and machining oil, or a manufacturing defect". Calls to Linux Security were unanswered as of press time.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  6. IT'S IN ENGLISH!!! by strredwolf · · Score: 4, Funny

    Hallelujah and pass the green beer. It's not in Welsh.

    BTW: If you haven't read, or tried to read, Alan's blog you won't get the joke.

    --
    # Canmephians for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.net";
  7. Hrm by B3ryllium · · Score: 3, Funny

    I guess they were just trying to out-do the IIS hole.

    Ah well ... there's always "linux single" ... :)

  8. Re:Huh by ageOfWWIV · · Score: 4, Funny

    We're not patching, we're in denial.

    --

    ____
    ATS11=0 the secret to beating everyone else to a 1 line board.
  9. In the meantime... by TheSHAD0W · · Score: 4, Funny

    Until the patch has been tested and distributed, you can prevent the bug from being exploited by locking the door to your office.

  10. Tux is Welsh!!! by schon · · Score: 4, Funny

    I know "Cymru" means "Welsh" but that's about it.

    Tux, the beloved Linux mascot is Welsh!

    It's true! Tux is a penguin..

    Penguin is derived from two Welsh words: Pen (head) and Gwynn (white)...

    So (besides Alan) there is another link between Wales and Linux.

    (That, and I've tripled your knowledge of the Welsh language :o)

  11. Re:I'm not going to patch. by gosand · · Score: 3, Funny
    Have you considered the possibility of someone exploiting a non-root remote hole on your box and now having the ability to escalate themselves to root?

    Well, I, ahhh....

    Shut up!

    Would someone please mod my previous post down as "fingers faster than brain"?
    Thank you.

    --

    My beliefs do not require that you agree with them.