Slashdot Mirror
Linux 2.4.24 Release Fixes Root Vulnerability
diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."
In this case, "-1, Flamebait" can be read as "The truth hurts, don't it?"
My experience with Linux is the same as the parent poster's: patching, patching, patching if you're up-to-date with the latest 2.x version, or running a kernel from 3 years ago if you prefer stability to tinkering.
I don't expect I'll be switching to 2.6 until May. The 2.6.1 release is very important to me as it includes a lot of patches previously rejected by Linus. I expect by May we'll have 2.6.3 at least and this kernel will be on its way to rock solid stability. As for now, 2.4 is in maintenance mode and will only be updated for bug fixes. This is great because it will replace the 2.2 kernel in this arena. But in this limbo we are in now, 2.4 is good enough for me.
For the Microsoft trolls to pick this one up.
Is this just more proof that Linux was built by amateurs? Or wait - I know - that Linux can't be trusted because the source code is open.
Now, for those who think I'm serious, think about it for a moment. Slashdot hypes up every single MS vulnerability as "proof" that MS systems are inherently insecure. And I wouldn't disagree that MS systems are insecure. But discovering a single (or a few) vulnerability doesn't make an OS insecure.
What it comes down to is vigilance and design. The numerous security holes in MS products are a result of bad design, not merely a mistake or two. And this is the big difference between this vulnerability - a mere isolated mistake - and Microsoft's complete lack of engineering which ensures that their software _will_ have security holes.
Okay, flame away Microsofties!
The society for a thought-free internet welcomes you.
"Just because the proof of concept exploit was created DOESN'T MEAN IT WAS RELEASED! If Linus and one other guy are the only ones with the proof of concept exploit, there is no reason to fear the script kiddies yet."
No, but it means the exploit is valid and worth patching. Its not like a lack of code in the wild means the script kiddies don't have it, just that they're good at hiding it. If sysadmins of the world knew how long some ssh exploits were private.. scarey world.
I'm assuming you're more of a windows admin, where you don't patch until you notice a new admin account named 'zer0c00l' has been created?
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
Maybe this widespread usage is an effort to avoid confusion (e.g. with XFS fonts or ATM networks)?
Prescriptive grammar:linguistics
Isn't that an oxymoron?
Well, it should be.
The coolest voice ever.
Microsoft has a lot more security issues than any typical linux distro.
;-)
They only reason you don't hear about them so often anymore, is the fact that they recently changed from a weekly patch release cycle, to a monthly patch release cycle.
That, and Automatic Updates.
XFS is also the X font server.....
Remember, just because the good guys have found this problem now, doesn't mean the bad guys didn't find it first, a while back.
I wouldnt brag about running IIS FTP and file services on your AD box if I was you. That is if your FTP is accessible from the outside, you weren't clear :\
Uh, right. "make bzImage" actually takes a couple minutes on any decently fast computer. You don't need to rebuild all the modules, and even that will take much less than an hour unless you're running ancient hardware.
LOAD "SIG",8,1
Sounds like you're running your X window system with a nice value. Handy trick for better responsiveness in 2.4, but lethal in 2.6.
Nice values *really* make a difference in 2.6
Holes like elevation of privileges (like this one) cannot be used by worms since they work only when you already have access to the system. So while these bugs are bad enough, they are still not nearly as bad as the Win-RPC, or the bugs that allowed Nimda, CodeRed etc. to exist.
Having written Windows software for years, I can tell that if local exploits ever become a concern for Windows (e.g. if Windows ever goes multiuser in a big way, where a local user may want to exploit the machine), almost every Windows application will have big problems with local exploits
...are pretty much only for convienience, that is to keep user settings and such separate among a group of mutually trusted users (like say, a family). There's not much in terms of real security.
That users created at install time default to admins with no passwords only goes to prove that even more. Which is fine, as long as a) noone unauthorized can get to the machine and b) all the users trust eachother.
On the other hand, local exploits are a grave concern in many settings, say for example a university where each student has a local account. So they should by no means be taken lightly, even if they don't produce worms.
Kjella
Live today, because you never know what tomorrow brings
I'm sure he'd be happy to put those in his home directory too.
XFS is not incorrect. XFS is not an acronym, even if you want it to be. XFS is the name of the file system. You can not expand it out and talk about the "X File System", even if you wanted to, because that's not what it's called.
It's the filesystem named "XFS". Or, to put it another way, the XFS file system.
Slashdot is probably not the best forum to get a timely response from the maintainers of the relevant parts of the kernel or X. Perhaps you should file a bug report in a more appropriate place?
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
The title of the article says "Root Vulnerability"!
Anybody with any rudimentary knowledge knows that this is about the worst possible thing they could say. They did not even say "Local Root Vulnerability" which they could have.
Yes, holes like this weren't responsible for the exploitation of code servers at Gentoo and Debian.
Oh wait, yes they were.
$ man nice
On kernel 2.4 and earlier, you usually gave the X-server a negative nice-value to give it higher priority which lead to somewhat better responsivness. But the 2.6-kernel has a new rewritten scheduler (?) that detects if the process is interactive or not and handle them differently to make interactive apps more responsive while giving non-interactive apps more throughput. By renicing the X-server you foul the kernel to not make use of this and thus get a much less responsive X desktop.
If you just compiled and installed the 2.6 kernel on a 2.4 distro that is not 2.6-ready you'll have to mock with the X startup-scripts to remove the nice/renice-stuff to make use of the great 2.6 desktop-features.
My other account has a 3-digit UID.
Maybe, but to upgrade your kernel you don't have to purchase an entire operating system to go along with it...
--guru
I always end up rebooting manually, on glibc, ldd, and kernel security fixes. Generally pam changes too. Those are libraries that get sucked into early binaries and never get restarted. I suppose I could reboot into single user mode for everything but the kernel, but a reboot is a good idea anyways.
Kirby
Seems to me, those eyes just found something...
I think you are missing the point. These people are not worried about someone walking in and taking hardware, they are worried about someone sneaking into the system and using it as a zombie or steal information without anyone knowing about it.
You also missed the obvous, this bug can, in theory, be exploited remotly given the right kind of access.
It doesn't really matter how long the bug/exploit existed. What matters is how big of a problem the exploit is and how fast it is fixed. Microsoft tends to take forever to fix it's bugs and it doesn't always do that right. Some patches would undo other patches and one of my friends ran Windows Update and it broke his ability to connect to the Internet.
Why the hell are you comparing a Kernel to a collection of Operating Systems and Operating Environments (Windows 3.X 9X are not actually sperating systems) ?!? Most of the exploits of a Linux Distro are from the third party packages. I don't ever remember seeing anyone faulting Microsoft for a security hole in Windows caused by some third-party software. That Caldara exploit was most likely in a distro package, not Linux. Please get your terminology down before you pretend to know something.To take advantage of the mremap() syscall bug a person would either need to be able to run an executable on the Linux Box or be able to get some poorly written program to do it. And what business do most programs have calling mremap() anyway? This is not an easy bug to exploit. I would say that this exploit is not that big of a problem for most people and was fixed quickly. For people running a system where the admin was stupid enough to give untrustworthy people a login accout or somehow the ability to run executables, well, they should have been expecting something bad to happen.
Yah, and guess where your head is stuck? I'll give you a hint, it's not the sand. :p
"Windows is better because. . .. Linux is better because. . . Mac is better because. . . Whoever sets the terms of the argument always wins (unless that person has no idea how to argue correctly)" -- MrNybbles
Losing faith in humanity one person at a time.
Losing faith in humanity one person at a time.