Local Root Hole in Linux Kernels
xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."
With all the brainpower on /. I'm sure we can discover a way.
Got Root?
Journal Entries:
(looks at watch) its monday again... time to go patch my IIS
(looks at watch) its tuesday again... time to go patch linux.
Lo-Cal Root Hole in Linux Kernels
I think I saw this in an advertisement for granola.
mmmm... breakfasty
Best Windows Freeware
(Server Room, DP) A hole was found in 'cypress', one of the principle Linux file, email and web servers of Brapco Corp early today. "We were dusting out around the back", said Mike Koyro, IT manager of Brapco, "and there it was, right by the power supply." The hole was quickly verified by other members of the IT dept as "really there". Speculation that it may be a screw hole was quickly dispelled when Frank, chief scripting officer, pointed out it didn't have any threads, and no screws were found loose anywhere nearby. "If someone got in here and drilled it during the night, they sure did a clean job - there's no shavings on the floor and the hole has no burrs" observed Mike. "It was either a professional job, with a sharp bit and machining oil, or a manufacturing defect". Calls to Linux Security were unanswered as of press time.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Haleulia and pass the green beer. It's not in Welsh.
BTW: If you haven't read, or tried to read, Alan's blog you won't get the joke.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
I guess they were just trying to out-do the IIS hole.
... there's always "linux single" ... :)
Ah well
We're not patching, we're in denial.
____
ATS11=0 the secret to beating everyone else to a 1 line board.
Until the patch has been tested and distributed, you can prevent the bug from being exploited by locking the door to your office.
I know "Cymru" means "Welsh" but that's about it.
:o)
Tux, the beloved Linux mascot is Welsh!
It's true! Tux is a penguin..
Penguin is derived from two Welsh words: Pen (head) and Gwynn (white)...
So (besides Alan) there is another link between Wales and Linux.
(That, and I've tripled your knowledge of the Welsh language
Well, I, ahhh....
Shut up!
Would someone please mod my previous post down as "fingers faster than brain"?
Thank you.
My beliefs do not require that you agree with them.