Slashdot Mirror


Linux 2.4.24 Release Fixes Root Vulnerability

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges. The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."

10 of 436 comments

  1. 2.4.x? by devphaeton · · Score: 5, Funny

    I thought that everyone jumped to the 2.6.0 by now?

    Oh wait, it's been 2 weeks already,
    TIME FOR A RECOMPILE!!

    --


    do() || do_not(); // try();
  2. Quick! by Anonymous Coward · · Score: 5, Funny

    Use Depenguinator on all the unpatched boxen! Let the revolution begin! >:)

  3. Re:Article title misleading... by gazbo · · Score: 5, Funny
    Sir,

    You are dangerously close to making me believe that a Slashdot editor both reads the site and actually takes action based on it. This is distorting my worldview, and must halt.

    plfxthx.

  4. XFS Filesystem by Dibblah · · Score: 5, Funny

    AAAAAARGH!

    It's XFS. NOT XFS Filesystem. I'm gonna do something illegal to the next person that says ATM machine, too.

    1. Re:XFS Filesystem by AKnightCowboy · · Score: 5, Funny
      I'm gonna do something illegal to the next person that says ATM machine, too.

      Isn't that the thing where you type in your PIN number?

  5. Re:Article title misleading... by mbyte · · Score: 5, Informative

    It's been in the kernel since the 2.2 days... the 2.2 series kernels are also affected.

    read the synopsis: here
  6. RedHat fixed orphaned versions by Kalak · · Score: 5, Informative

    Possibly due to the fact that the last kernel fix was a week ago, or just that the patch is minor, or because RH is being kind to those of us who still have reasons to run RH 7.3 just yet, but look to RH for a kernel update if you need one for 7.x and 8 which are unsupported in 2004. Thanks RedHat. Saved me a panicked kernel decision. I desperately didn't want to return from a vacation to a timetable jump of a few weeks.

    --
    I am, and always will be, an idiot. Karma: Coma (mostly affected by .hack)
  7. Re:Article title misleading... by Anonymous Coward · · Score: 5, Funny

    If it ain't broke...

    ...it is now.

  8. Re:How do you patch? by demi · · Score: 5, Informative

    Okay:

    1. Download patch to /usr/src
    2. cd /usr/src (since that's where you say your linux-2.4.23 is)
    3. bzip2 -dc patch-2.4.24.bz2 | patch -p0
    4. mv linux-2.4.23 linux-2.4.24
    5. cd linux-2.4.24
    6. Now build and install your kernel as you like it, just as you would from the virgin tarball (make depend; make however you make your kernel and modules).

    Hope that helps!

    --
    demi
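
The steps in the comment above, as an added shell example that is not part of the original post: it wraps steps 2 to 4 with a dry run and checks that the tree's Makefile reports the expected version before and after patching. The function names and arguments are hypothetical, and `--dry-run` assumes a `patch` that supports it (GNU patch does).

```shell
#!/bin/sh
# Added example; function names and arguments are hypothetical, not from the post.

# Print VERSION.PATCHLEVEL.SUBLEVEL as recorded in a tree's top-level Makefile.
kernel_tree_version() {
    awk -F'[ \t]*=[ \t]*' '
        /^VERSION[ \t]*=/    { v = $2 }
        /^PATCHLEVEL[ \t]*=/ { p = $2 }
        /^SUBLEVEL[ \t]*=/   { s = $2 }
        END { print v "." p "." s }' "$1/Makefile"
}

# apply_kernel_patch SRC_DIR OLD_VER NEW_VER
# Expects SRC_DIR/linux-OLD_VER and SRC_DIR/patch-NEW_VER.bz2 to exist.
# The body is a subshell, so the caller's working directory is unchanged.
apply_kernel_patch() (
    src=$1; old=$2; new=$3
    patchfile="patch-$new.bz2"
    cd "$src" || exit 1

    if [ ! -d "linux-$old" ] || [ ! -f "$patchfile" ]; then
        echo "missing linux-$old or $patchfile in $src" >&2; exit 1
    fi
    # Refuse to patch a tree that is not the base version the patch expects.
    if [ "$(kernel_tree_version "linux-$old")" != "$old" ]; then
        echo "linux-$old does not report version $old" >&2; exit 1
    fi
    # A truncated download fails here, before anything is modified.
    bzip2 -t "$patchfile" || exit 1

    # Dry run first: a rejected hunk at this point leaves the tree untouched.
    if ! bzip2 -dc "$patchfile" | patch -p0 --dry-run >/dev/null; then
        echo "patch does not apply cleanly; tree left as it was" >&2; exit 1
    fi
    bzip2 -dc "$patchfile" | patch -p0 >/dev/null || exit 1

    # No reject files may remain, and the Makefile must now report NEW_VER.
    [ -z "$(find "linux-$old" -name '*.rej' -print)" ] || exit 1
    [ "$(kernel_tree_version "linux-$old")" = "$new" ] || exit 1
    mv "linux-$old" "linux-$new"
)

# Usage, matching the comment: apply_kernel_patch /usr/src 2.4.23 2.4.24
```
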
  9. Kernel patches as modules? by Ktistec+Machine · · Score: 5, Interesting
    Hi folks,

    I remember, back when the last ptrace bug was found, some kind soul created a kernel module that (a) renamed the current ptrace function to something else and (b) implemented a new wrapper function that first checked to see if you were root, before deciding whether to call the old ptrace. Slick!

    I'm surprised this sort of workaround hasn't been done for other kernel bugs. It seems it wouldn't even have to be a workaround. A module could actually provide a new, repaired version of the buggy routine. Couldn't it?

    I can imagine insmoding a list of "kernel-fix" modules at boot time. Then, every once in a while, I'd upgrade my machines to a new kernel, but without the urgency of getting a new kernel installed RIGHT NOW! to fix a small (code-wise) security problem.