Slashdot Mirror


Local Root Hole in Linux Kernels

xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."

8 of 495 comments (clear)

  1. How is Microsoft responsible? by jmulvey · · Score: 5, Funny

    With all the brainpower on /. I'm sure we can discover a way.

    1. Re:How is Microsoft responsible? by lavalyn · · Score: 5, Funny

      Microsoft would have a monopoly on privilege escalation exploits if not for Linux.

      --
      Doing the Right Thing should not be preempted by making a buck.
    2. Re:How is Microsoft responsible? by kfg · · Score: 5, Funny

      I think the late George Mallory put it rather succinctly:

      "Because they're there."

      On the other hand, in the words of Voltaire:

      "If Microsoft didn't exist it would be necessary to invent them."

      However, regarding the current kernel situation I think my deeply missed old granny put it best:

      "Oh fuck."

      KFG

  2. Got Root? by FAngel · · Score: 5, Funny

    Got Root?

    1. Re:Got Root? by Anonymous+Cow+herd · · Score: 5, Funny

      I do now >:)

      --
      Ita erat quando hic adveni.
    2. Re:Got Root? by wirelessbuzzers · · Score: 5, Funny

      I do now >:)

      I believe you mean "#:)"

      --
      I hereby place the above post in the public domain.
  3. It's Tuesday by Anonymous Coward · · Score: 5, Funny

    Journal Entries:

    (looks at watch) its monday again... time to go patch my IIS

    (looks at watch) its tuesday again... time to go patch linux.

  4. Hole Found in Linux Server by ch-chuck · · Score: 5, Funny

    (Server Room, DP) A hole was found in 'cypress', one of the principle Linux file, email and web servers of Brapco Corp early today. "We were dusting out around the back", said Mike Koyro, IT manager of Brapco, "and there it was, right by the power supply." The hole was quickly verified by other members of the IT dept as "really there". Speculation that it may be a screw hole was quickly dispelled when Frank, chief scripting officer, pointed out it didn't have any threads, and no screws were found loose anywhere nearby. "If someone got in here and drilled it during the night, they sure did a clean job - there's no shavings on the floor and the hole has no burrs" observed Mike. "It was either a professional job, with a sharp bit and machining oil, or a manufacturing defect". Calls to Linux Security were unanswered as of press time.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }