Slashdot Mirror


New Linux Kernel Crash-Exploit discovered

Ant writes "According to linuxreviews' article on 6/11/2004, there is a nasty bug that lets a simple C program crash the kernel (2.4.18-2.6.x reported so far), effectively locking the whole system. It affects both 2.4.2x and 2.6.x kernels on the x86 architecture. This exploit can be compiled and run without root access and with shell access. Detailed information and source code are mentioned." You need to have shell access to run this program; it's also worth noting that not *all* flavors are vulnerable. Please read the article for the full details.

46 of 691 comments

  1. Windows is obviously superior by Athas · · Score: 4, Funny

    It doesn't require external programs in order to crash.

    1. Re:Windows is obviously superior by Anonymous Coward · · Score: 1, Funny

      Linux is so much work. I've got to copy and paste the code to emacs then I've got to save the file then I've got to compile and run the executable from a command line. In Windows, I get the same results for almost no effort on my part. This is why Linux will never be ready for the desktop.

  2. The best way to avoid this bug by foidulus · · Score: 5, Funny

    is to buy a mac and run yellow dog on it!

    /ducks

  3. Wait, by Anonymous Coward · · Score: 5, Funny

    you want us to "read" the article and not jump headfirst into an open source vs. closed source flamewar??? :P

  4. In case of slashdotting by Anonymous Coward · · Score: 5, Funny

    #include <stdio.h>

    int main(void)
    {
    printf("I love Windows\n");
    return (0);
    }

    1. Re:In case of slashdotting by Anonymous Coward · · Score: 1, Funny

      #include <stdlib.h>

      int main( void )
      {
      system( "format C:" );
      return 0;
      }

  5. This is another reason why C should be deprecated by Anonymous Coward · · Score: 5, Funny

    Gentlemen, the time has come for a serious discussion on whether or not to continue using C for serious programming projects. As I will explain, I feel that C needs to be retired, much the same way that Fortran, Cobol and Perl have been. Furthermore, allow me to be so bold as to suggest a superior replacement to this outdated language.

    To give you a little background on this subject, I was recently asked to develop a client/server project on a Unix platform for a Fortune 500 company. While I've never coded in C before I have coded in VB for fifteen years, and in Java for over ten, I was stunned to see how poorly C fared compared to these two, more low-level languages.

    C's biggest difficulty, as we all know, is the fact that it is by far one of the slowest languages in existence, especially when compared to more modern languages such as Java and C#. Although the reasons for this are varied, the main reason seems to be the way C requires a programmer to laboriously work with chunks of memory.

    Requiring a programmer to manipulate blocks of memory is a tedious way to program. This was satisfactory back in the early days of coding, but then again, so were punchcards. By using what are called "pointers" a C programmer is basically requiring the computer to do three sets of work rather than one. The first time requires the computer to duplicate whatever is stored in the memory space "pointed to" by the pointer. The second time requires it to perform the needed operation on this space. Finally the computer must delete the duplicate set and set the values of the original accordingly.

    Clearly this is a horrendous use of resources and the chief reason why C is so slow. When one looks at a more modern (and a more serious) programming language like Java, C# or - even better - Visual Basic that lacks such archaic coding styles, one will also note a serious speed increase over C.

    So what does this mean for the programming community? I think clearly that C needs to be abandoned. There are two candidates that would be a suitable replacement for it. Those are Java and Visual Basic.

    Having programmed in both for many years, I believe that VB has the edge. Not only is it slightly faster than Java, it's also much easier to code in. I found C to be confusing, frightening and intimidating with its non-GUI-based coding style. Furthermore, I like to see the source code of the projects I work with. Java's source seems to be under the monopolistic thumb of Sun much the way that GCC is obscured from us by the marketing people at the FSF. Microsoft's "shared source" under which Visual Basic is released definitely seems to be the most fair and reasonable of all the licenses in existence, with none of the harsh restrictions of the BSD license. It also lacks the GPL's requirement that anything coded with its tools becomes property of the FSF.

    I hope to see a switch from C to VB very soon. I've already spoken with various luminaries in the C coding world and most are eager to begin to transition. Having just gotten off the phone with Mr. Alan Cox, I can say that he is quite thrilled with the speed increases that will occur when the Linux kernel is completely rewritten in Visual Basic. Richard Stallman plans to support this, and hopes that the great Swede himself, Linux Torvaldis, won't object to renaming Linux to VB/Linux. Although not a C coder himself, I'm told that Slashdot's very own Admiral Taco will support this on his web site. Finally, Dennis Ritchie is excited about the switch!

    Thank you for your time. Happy coding.

  6. Re:Open Source Community shows its Value by Anonymous Coward · · Score: 5, Funny
    It shouldn't be long before a patch is issued to resolve this problem. Thank goodness for caffeine loving geeks everywhere!

    Let's just hope they're not browsing for pr0n.

  7. Re:This is another reason why C should be deprecat by Anonymous Coward · · Score: 0, Funny

    Visual Basic better than C? Surely you're smoking Crack.

  8. Who has shell access? by slusich · · Score: 4, Funny

    How many systems deployed in real world environments give anyone other than IT staff shell access?

    1. Re:Who has shell access? by mattyrobinson69 · · Score: 4, Funny

      How about these?

      I used the search term "shell accounts", in case you couldn't think of something more relevant than "cheese" or "striped cow" to search for....

  9. Re: My Experience with the Linux by timotten · · Score: 5, Funny

    ...having programmed in VB for the last 8 years doing kernel level programming...

    I think you'll need to clarify that for us slashdot folk.

  10. SCO by somethinghollow · · Score: 3, Funny

    It must be an exploit in the SCO code that is in the Linux kernel!

    ;)

  11. Remain calm.. by ObsessiveMathsFreak · · Score: 2, Funny

    ... It's ok. remember, not many people know about this yet. ...... ......

    Oh God! How do I update Fedora Core 2!!!!

    --
    May the Maths Be with you!
  12. Okay, I'm confused... by ThePatrioticFuck · · Score: 5, Funny

    I thought Mondays were supposed to be Windows patch days, Tuesdays were for Linux, Wednesday was Apache, Thursday was Windows again, Friday was SSH...

    1. Re:Okay, I'm confused... by Zeddicus_Z · · Score: 3, Funny

      But... what about Sendmail?

      --
      Janie took my gun...
  13. You know you have problems if... by ulmanms · · Score: 5, Funny

    Your sysadmin needs this advice:
    If your system is a production server with 1000 on line users then do not test this code on that box.

  14. Re:OS bugs are like golf... by martingunnarsson · · Score: 4, Funny

    Slashdot blurb about Windows bug
    Linux trolls: Windows sucks!!!

    Slashdot blurb about Linux bug
    Linux trolls: Windows sucks!!!

    --
    Martin
  15. good advice from the article ... by straybullets · · Score: 1, Funny

    If your system is a production server with 1000 on line users then do not test this code on that box

    Mwahahahahah !!! They can't be serious !

    Ok, i vill test evil.c on some other boxen ...

    --
    With that aggravating beauty, Lulu Walls.
  16. Vulnerability in Linux, NetBSD Unaffected!!! by RAMMS+EIN · · Score: 4, Funny

    FTFA (From The Fine Article):

    ``This doesn't affect NetBSD Stable.''

    The exploit code also doesn't work on Windows 95, nor on Menuet. I haven't tested SkyOS, because I don't have a license.

    --
    Please correct me if I got my facts wrong.
    1. Re:Vulnerability in Linux, NetBSD Unaffected!!! by Senjutsu · · Score: 4, Funny

      Officials say that, at this time, they are unsure whether or not the Amiga is affected. Precaution is urged.

  17. More respect for Windows crashers by 192939495969798999 · · Score: 1, Funny

    This makes me respect Windows-crashing apps a little more (or less, depending on how you look at it), in that people can crash Windows w/o benefit of the source code! It's really amazing.

    --
    stuff |
    1. Re:More respect for Windows crashers by jcuervo · · Score: 2, Funny
      Windows-crashing apps
      You mean there are apps that don't crash Windows?!
      --
      Assume I was drunk when I posted this.
  18. I think we're forgetting one important thing.... by kalirion · · Score: 5, Funny

    How do we blame Micro$oft for this?

  19. Re:There's a big difference... by Len+Budney · · Score: 5, Funny
    I love how "properly configured firewall" is the solution to everything. Hackers root your box? You didn't have a properly configured firewall. System eaten by a worm? You should have had a properly configured firewall. Your windows box zombified and sending out spam? Seriously consider investing in a properly configured firewall.

    I've come up with the final word in firewall technology. What I do is connect my PC to the DSL router with a 10' ethernet cable. Then, using an approved tool, I carefully cut the cable, making sure to sever it completely. Haven't had a problem since.

    What we really need is an article suggesting how I can speed up my downloads...

  20. Re:There's a big difference... by MP3Chuck · · Score: 3, Funny

    The tin-foil-hat crowd (on /. and elsewhere) would go bonkers if XP automatically auto-patched.

    Damned if you do...

  21. Re:disable compiler access for non-trused shell us by Maljin+Jolt · · Score: 2, Funny

    I suppose the answer is not allow access to a compiler for non-trusted shell users.

    Please do not forget to deny using keyboard keys representing hexadecimal digits, i.e. A-F and 0-9 to untrusted users.

    --
    There you are, staring at me again.
  22. Re:There's a big difference... by Minwee · · Score: 5, Funny

    Of course you realise that by doing that you are violating several patents on "Air Gap Firewall Technology".

  23. +1 informative (was Re:DNFTT) by Anonymous Coward · · Score: 1, Funny
    DNFTT = "Do not feed the troll"
    YHBT = "You have been trolled"
    YHL = "You have lost"
    HAND = "Have a nice day"
    ROTFLMAO = "Rotten floor mayo"

    HTH

  24. Re:There's a big difference... by maximilln · · Score: 2, Funny

    Of course not. Typically the "cease, desist, and KEEP YOUR MOUTH SHUT" letter is plenty good enough.

    Now that you really plug for it, though, wasn't there a guy in France who was on the run for publishing exploits in common Anti-Virus software? Slashdot even had a story about him. I tried googling, but "France antivirus vulnerability author" doesn't quite match the pages that I wanted.

    Googling for "framed because proprietary software companies are opportunistic pigs" doesn't quite get it either.

    --
    +++ATHZ 99:5:80
  25. Re:This is another reason why C should be deprecat by Anonymous Coward · · Score: 1, Funny

    It was a joke.
    As I said to another moron who missed it, you are a SUNLIGHT VIRGIN. Interaction with things other than that humming box lets you get things like this. Trust me, even though the sun is bright and hot, it won't hurt you.

  26. SCO Stolen Code? by UTPinky · · Score: 1, Funny

    Is this the stolen code that SCO's been complaining about?

    --
    I'm only paranoid because everyone is against me...
  27. Re:There's a big difference... by martingunnarsson · · Score: 2, Funny

    That sounds very good indeed! But how will the clueless users get SP2? :-)

    --
    Martin
  28. Re:There's a big difference... by jefe7777 · · Score: 2, Funny

    and i'm sure you are an idiot.

    any cracker type will use ANY tool available to attack his target, open source, proprietary, underground you name it.

    therefore the cracker CAN'T be "open source people" as you try to insert your little fud.

    btw, i'm not "open source people" either, i use slack and os x. i use what i like.

  29. Re:IGNORE above ... new info. by Anonymous Coward · · Score: 1, Funny

    Well damn, I've never seen anybody reply to himself so many times in one story...do you talk to yourself often?? ;)

  30. Re:Not all... (read for more info) by Dunkirk · · Score: 2, Funny
    (I didn't really follow the more extensive patch, anyone care to explain?)

    No. The proof is left as an exercise to the reader.

    --
    Acts 17:28, "For in Him we live, and move, and have our being."
  31. Re:There's a big difference... by Allen+Zadr · · Score: 3, Funny
    To be perfectly fair there wasn't a NON-Internet Explorer specific security patch for Win98 for the last two years of active support.

    ME of course, doesn't have to be secure, it will crash itself.

    XP with SP2 will start shipping within 6 weeks of final release. It's currently under Release Candidate status, meaning it should be no more than 10 years away. (That was very sarcastic, really it should be within the next 60 days unless something really bad happens with the test code).

    --
    Kinetic stupidity has a new brand leader: Allen Zadr.
  32. A Better Fix is Now Available by Luscious868 · · Score: 1, Funny

    The fix is available here.

    Oh come on! After all the crap we get from Linux users every time an exploit is found in Windows, you have to expect that we're going to give you guys some shit when it happens to you, primarily because it doesn't happen that often.

    So there it is, flame away :-)

  33. another way to fix the problem... by naken · · Score: 5, Funny


    #include <signal.h>
    #include <sys/time.h>
    #include <unistd.h>

    static void Handler(int ignore)
    {
        char fpubuf[108]; // __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
        write(2, "*", 1); // __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
    }

    int main(int argc, char *argv[])
    {
        struct itimerval spec;
        signal(SIGALRM, Handler);
        spec.it_interval.tv_sec=0;
        spec.it_interval.tv_usec=100;
        spec.it_value.tv_sec=0;
        spec.it_value.tv_usec=100;
        setitimer(ITIMER_REAL, &spec, NULL);
        while(1)
            write(1, ".", 1);

        return 0;
    }

    by simply commenting out the inline assembly, i fixed crash.c so it can no longer crash Linux!

    1 2 1 2 THE NAKEN CREW

  34. Re:Real crash.txt info and fix by Anonymous Coward · · Score: 1, Funny

    If your system is a production server with 1000 on line users then do not test this code on that box.

    DAMN IT!!! I tested this on a production server with 823 online users, and, despite showing my boss this advisory, I'm still fired.

  35. THIS is why I hate Linux by gosand · · Score: 4, Funny
    This is precisely why I hate Linux so much. When I read about Windows vulnerabilities, it is something easy like "Port 1234 left wide open" or "Outlook will email everyone in the world with your penis size if you launch IE." I can comprehend those bugs. When a Linux exploit is discovered, it is all "SIGALRM this" and "__jiggawhat_ that".

    How am I supposed to keep up with this stuff?

    --

    My beliefs do not require that you agree with them.

  36. Re:There's a big difference... by Odin's+Raven · · Score: 5, Funny
    I've come up with the final word in firewall technology. What I do is connect my PC to the DSL router with a 10' ethernet cable. Then, using an approved tool, I carefully cut the cable, making sure to sever it completely.

    This is a common mistake that many first-time security administrators make. You're supposed to cut the cable before making the PC/router connection -- always implement your security protocol before connecting equipment to the outside world.

    What we really need is an article suggesting how I can speed up my downloads...

    Your downloads are probably slow because your machine was compromised during the time when your security was down - i.e., the interval between connecting the unsecured cable and the time you properly locked the connection down. Slow downloads are a key sign of a compromised system.

    Once you suspect your machine's been compromised, there's really no safe solution other than reinstalling everything from scratch. I'd also suggest discarding the cable and getting a new one - since you didn't secure the cable first, there may be an RF resonance bug lurking on the PC half of the cable, waiting to reinfect your machine when you hook it back up.

    You're obviously new to this, so just in case you haven't heard about them - RF resonance bugs use the reflection characteristics of an Ethernet cable to create a self-reinforcing standing-wave signal containing a copy of the virus. Older versions of these bugs could be dealt with simply by putting the cable in a Faraday cage and grounding the cable. But several of the more current RF resonator bugs contain quantum-mechanical sideband waveforms - put one of those in a Faraday cage and the q-m sidebands can refractively propagate into the cage itself, and you'll spend the rest of the day chasing down heisenbugs.

    Anyways, don't feel bad about this - it's a common enough mistake when you're just getting started with security. And by posting on /. you may have helped several other novices avoid making the same mistake.

    --
    A marriage is always made up of two people who are prepared to swear that only the other one snores.
  37. Re:What does the patch fix? by Anonymous Coward · · Score: 1, Funny

    No, I wouldn't expect anything better from the open sores community.

  38. Re:2.6.5 not really affected but acting odd by Anonymous Coward · · Score: 1, Funny
    gnome started acting all odd, and none of the terminals were responsive. They just kept printing out the prompt.

    This is normal behaviour for gnome. Nothing to be concerned about here.

  39. Re:IGNORE above ... new info. by LogicHoleFlaw · · Score: 2, Funny

    Well, when you exist as a group of genius vat-grown clones, it's bound to happen sometime....

    --
    -- Flaw
  40. Re:There's a big difference... by benedict · · Score: 2, Funny

    > In previous generations, people's words meant something.

    Don't be ridiculous. Salespeople have been lying since the beginning of time.

    --
    Ben "You have your mind on computers, it seems."