New Linux Kernel Crash-Exploit discovered
Ant writes " According to a linuxreviews article on 6/11/2004, there is a nasty bug that lets a simple C program crash the kernel (2.4.18-2.6.x reported so far), effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture. This exploit can be compiled and run without root access, with only shell access. Detailed information and source code are mentioned. " You need to have shell access to run this program; it's also worth noting that not *all* flavors are vulnerable. Please read the article for the full details.
... that if you trigger a floating point exception inside a signal handler (specifically SIGALRM), the kernel doesn't handle it correctly, hanging the system. It appears to affect both SMP and UP kernels.
Some questions I have to those who may have been following this:
Does the crash occur without the syscalls in the signal handler/main process?
Does the crash occur on SMP machines?
Does the crash occur with other signals (PIPE, USR1, etc.)?
Does the crash occur on ppc, sparc, etc?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Here is the LKML discussion thread on the subject. It's an interesting bug, briefly summarised by Matt Mackall as follows:
So there's a bit of a massive problem with FPU exception handling, which didn't come to light before. Wheee. Fun.
"WHAT YOU SAY!?"
I run a corporate network without a firewall. Every time a major issue comes around and destroys every freaking company around me, I go by with maybe two systems affected. Why? I stay up-to-date on all patches, and I keep relatively SANE security policies in place.
A firewall is a lot less necessary than firewall vendors would have you believe. My experience is that firewalls breed a false sense of security. Someone goes home over the weekend with a laptop - and comes back with a zombie virus/worm/etc. that goes and infects everything while the IT department is "taking their time" evaluating a security update for a month (I do 24 hour tests).
"Why not firewall?" is the other thing I hear. Mostly, it's so that every one of my systems can be an internet service provider. That's what the internet is about. Enabling users to say, hey - I've got that file right here on my local FTP, come get it. Here, log onto my VNC desktop, and I'll show you.
Firewalls create industries like WebEx. Because technology has come from 'wow, I didn't know you could do that,' to, 'I didn't know you could do that because I'm firewalled.'
Finally, "It doesn't happen very often," quite clearly means that it has happened. Call it pre-teen style bitching if you will, but a lawsuit should have never been threatened (AFAIK, a lawsuit never actually went to court). If someone finds a vulnerability, full disclosure should not be the only method to have Microsoft take you seriously. My teen years are LONG behind me; maybe I'm just sick of having to deal with Microsoft's crap since Windows for Workgroups 3.11 (when the problems started for me).
Kinetic stupidity has a new brand leader: Allen Zadr.