Slashdot Mirror
New Linux Kernel Crash-Exploit discovered
Ant writes " According to linuxreviews article's on 6/11/2004, there is a nasty bug that lets a simple C program crash the kernel (2.4.18-2.6.x reported so far), effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture. This exploit can be compiled and run without a root access and with a shell access. There are detailed information and source code mentioned. " You need to have shell access to run this program; it's also worth noting that not *all* flavors are vulnerable. Please read article for the full details.
There are goods and bads, however, the information is readily available. There are patches that "work", even before a full explanation is available. Now, thousands of people are actively working on a solution, if they so choose. If they don't choose, they can use the proprietary code method - wait for the official vendors to release a patch.
In proprietary land, a vendor would first sue the person who released the information. Then, the re-iteration that you won't be vulnerable if you use a "properly configured firewall," then they'd start working on a fix.
Kinetic stupidity has a new brand leader: Allen Zadr.
"Using this exploit to crash Linux systems requires the (ab)user to have shell access. The program works on any normal user account, root access is not required. This exploit has been reported used to take down several "lame free-shell providers" servers (this is illegal in most parts of the world and strongly discouraged)."
Hope you all had a great weekend!
Well, those who have been paying attention know that Linux has had quite a few (read: way too many) critical bugs in the past year. Most of them were related to do_mremap (how many times do they have to "fix" that until its fixed?!), varying in severeness from DoS to local root exploits. How many has the Windows kernel had in the last 12 months? I am afraid that this comparison might fall out to the advantage of Windows. Until you take into account time to fix, maybe. Off to patch my systems...
Please correct me if I got my facts wrong.
go to the trouble to get a paid for shell account at a provider, or a freebie I guess, then run this script, just to destroy their own account basically?
Or is the bigger danger is that this script would be the payload that is included within some linux worm?
Just wondering what this means for joe average home linux user who isn't running a server.
Sourceforge?
Ask 8 slackers a question, get 10 awnsers (a citation, but I can't remember from who)
And fixes will be deployed within hours.
The same cannot be said of many proprietary OSes...
The fact that a patch is available doesn't mean that it is a non-issue. In many cases system administrators are too busy, lasy or do not wish to interrupt services, to update their systems to fix these software vulnerabilities. The proprietary vs. non-proprietary argument is irrelevant if administrators fail to keep up-to-date with security fixes. A good example of this was the SQL Slammer worm that made it's rounds several months after a patch that fixed it's attack vector was released.
Simply put, the bigger problem is with the wet-ware than the development methodology.
In the real world, where I work, I run a Hybrid network where I'm still waiting for Windows XP Service Pack 2 to come out in a finalized form because I don't have an option to pull just the parts that I need, and SP2 RC2 is not quite ready to unleash on my network (although I have actively TESTED it). Of course, this just fixes some vulnerabilities that have existed for over a year.
Don't tell me that I, as a Windows User and Administrator, don't care. While I've ignored this kernel issue over the weekend, I get to actively compile come kernel patches and test those. I'll bet, even before my testing, that I'll be able to have a production solution by tomorrow. Even if SP2 releases this afternoon, I'll still have to test it before deployment, so the Linux solution will be in production first.
Kinetic stupidity has a new brand leader: Allen Zadr.
I myself program in a variety of languages, and while each may have it's uses, I'm afraid I can't agree with your assessment. I generally use C++ over C most of the time, but I would certainly stick with C over VB (and yes, I do program in VB as well, when the occasion requires.). Just beacuse a language has an impressive GUI does not make it more valid. In fact, it can often increase the chances that a programmer is churning out code without truly understanding all that it's doing. Just my two cents, of course.
I think this is a joke but with the amount of idiots out there it's hard to be certain.
I know this is a cut and paste troll, but for best effect use 'PERL' instead of 'Perl' or 'perl', makes you sound even more like you are talking out of your ass.
Thanks!
You have a superb feeling about this level!
You sense the presence of monsters!
######
#...@+TTTTTTTTTTTTTTTTTTT
#....#
######
You hear a door burst open!
You die (more)
I don't know how "real world" you'd class a University, but there are two machines I have to help out with here that students have access to for their Bioinformatics DL assignments.
It already has a program running on it that I had to develop to detect processes using too much processor time and kill them (with warnings, messages printe dout when students log in and so on). I'll probably have to upgrade it to do the same with memory now that we have one genius who seems to be finding a way to consume 1.8Gb of memory.
Now I need to get kernels compiling, excuse me...
As for this bug, don't start bashing Linux left and right. Linux isn't perfect, no software is. But unlike when there is a bug in windows a fix is on the way as fast as possible. In fact, there is a patch on the site right now! And for you zealots who say stuff like "No big deal, who is going to do that? No the kind of person you give shell access to." shut up. Admit that Linux is not the perfection in computing.
You know what else makes the kernel crash? At least if you are using 2.6.5 or higher if you enable APIC/APIC-IO and you have an nforce chipset the system will lock up as soon as you do too much I/O.
And FreeBSD patch day is the first Tuesday of every quarter (if needed).
- Linux zealots moderating it down because it suggests that you buy a Mac, or
- Mac zealots moderating it down because it suggests you don't use OS X?
Gentlemen, place your bets now.I am TheRaven on Soylent News
I guess everybody missed the sarcasm.
This sig is the express property of someone.
Don't kill it, renice it. It'll still run, but it'll cede the processor to other apps when they need it. Also, ulimit can handle limiting memory.
The article mentions "This doesn't affect NetBSD Stable." Why would a Linux Kernel flaw effect any version of *BSD?
This bug was posted on slashdot as a comment reply to the Assembly programing article a few days ago. I looked at it then and it locked up my machine nicely.
Aside from that, I don't know that your point is valid. Most linux users either know how to use patch and compile their own kernels, or can run up2date or whatever to download their latest prefab clutter. Also worth pointing out is this bug needs a shell to run the program and crash the system. If you're giving out shells and don't know how to use patch, this is the least of your worries.
The patch is linked from another comment in this thread and yes, you'll have to recompile your kernel. No one has access to my machines here but me so I'm not going to bother updating until 2.6.7 is released. Have a good one.
Did you actually read it? I think it was the best troll parody I've seen for a while. I mean, the author clearly understood exactly what he was talking about when discussing C's support for pointers, which means that the way he missed the point and described them as 'inefficient' is marvelous.
Also, in light of recent events concerning the ADTI 'Samizdat' book & the author getting Tanenbaum's nationality wrong, describing Linus Torvalds as a Swede is a masterstroke.
This does no good if someone builds the program on another machine and then copies it to your host. Limiting compiler access really doesn't help secure anything unless you also prevent anyone from transferring any files to the machine (which is quite impractical).
I don't think this idea is useful.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
So who is serious enough about security to want this patched, but stupid enough to just accept a patch from any of thousands of developers? Yes you could evaluate the source of each patch and recompile using th new code, but who has time for that? Open Source and proprietary software are no different in terms of patches. If you don't get it straight from the horse's mouth then you are not following very good security procedure.
After all, doesn't anyone remember this? You can find open source patches for proprietary software every once in a while too, but you would be nuts to trust them.
If you maintain a Linux system for a larger group of people, you should know what you are doing. Pardon me, but obviously you're not. .config from 2.6.4, then answering a few questions for new options) brain involved: 1%, well documented in case of doubt. ../kernel....: 10 seconds, brain involved: 0%. :P
...
As soon as I read this I upgraded our Firewall at work. I downloaded the latest 2.6, got the patch from the bottom of the linuxreviews site. That took about 4 minutes on a somewhat fast internet connection.
Extracting the Kernel and patching it: 1 minute, brain involved: none (patch howto on that page as well, besides, if you are a real sysadmin you'll be able do kernel patches single fingered).
Configuring the kernel: 1 minute as well, using make oldconfig (porting over my
Compiling: make-kpkg kernel_image: 10 minutes, brain involved: 0%.
Installing: dpkg -i
Rebooting: about 1.5 minutes, brain involved: how fecking hard can it be to type 'shutdown -r now' ? or maybe even 'reboot'
This also answers the other posting where somebody was whining about making the updates moronproof... Most distros have this 'feature', autoupdating, Redhat: up2date, Debian: apt (through security.debian.org),
This is a reasonably serious bug. A well-configured *nix box should not be crashable by anything a normal user can do. The amount of memory a user can allocate, the number of processes they can launch, the size and number of files they can create should all be limited through user limits. There is no way (AFICS) to prevent this bug being exploited through those kind of limits. If there are lots of people logged in, figuring out who crashed the box would be quite hard - just have the crashing program delete itself before it crashes the box.
Hitting ctrl-alt-delete or the power requires physical access, which shell users almost never have (I don't even know where most of the computers I use every day are - they could be in Timbuktu for all I care).
For Linux, choice of:
I'd like to see a TwoKernelMonte variant for SMP which allowed you to isolate one processor from the kernel, bring up a patched version of the same kernel under it in cooperation with the running kernel (which process would presumably not survive any changes in in-memory structures, so check for that first), migrating devices across in idle moments, then finally deleting the old kernel and bonding the processor thus freed to the new kernel. Viola, new kernel sans reboot. Ideal for a patching situation.
Got time? Spend some of it coding or testing