Local Root Exploit in Linux 2.4 and 2.6
Anonymous Coattails writes "Summary from the advisory: 'Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.'"
Karma: Terrible - and proud of it!
Why is it that nearly every Linux flaw is locally exploitable, whereas nearly every Windows flaw is remotely exploitable?
Maybe Microsoft figures most companies already do a good job of securing their physical servers...
*awaits justifications and explanations of why this is nothing like Microsoft*
first post?
signed,
lindsay
Does this exploit run Linux?
GNAA rules, that is all
Read down to the Credits on the link and you see this line:
Credits:
========
Paul Starzetz has identified the vulnerability and
performed further research. COPYING, DISTRIBUTION, AND MODIFICATION OF
INFORMATION PRESENTED HERE IS ALLOWED ONLY WITH EXPRESS PERMISSION OF
ONE OF THE AUTHORS.
Did I violate you by hitting ctrl-c and ctrl-v? Yeah, copyrights stink even in the free and open source realm. Oh yeah, I guess Polly boy has something to put on his resume now, as if someone else was going to steal his glory and get away with it.
fp, use bsd
exploit.
I suck.
That's the sound of a thousand Microsoft fanboys typing up their "LOLOL!!! Lunix is teh sux0r 2!!!" messages.
*sigh*
Just like old times.
yo!
The sweet sound of sysadmins sweating. Or is that smell?
I sicken me.
I always thought that NAT and Bastille would be enough. I never considered a risk of this sort. Worse yet, it seems that the reported exploit isn't the only locally exploitable flaw.
What's an admin to do?
from the without-users-this-wouldn't-be-a-problem dept.
*Shudders*
Then, methinks: "I'll just apply a patch..."
It turns out that patches do NOT always fix the problem.
What's an admin to do?
How do people find this stuff? Amazing. Open source is astounding.
When do I get my kernel update?
shutdown -h now
earlier story of security flaws in Mozilla, root exploits in Linux?
Must be the work of Mr. Gates
I compiled the code included at the end of the advisory; this was the output on RHEL 2.4.21-20:
./test
%
[+] SLAB cleanup
child 1 VMAs 65525
child 2 VMAs 65392
[+] moved stack bfff8000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xdf400000 - 0xfe5f2000
Wait... -
[-] FAILED: try again (Cannot allocate memory)
Killed
It's a good thing I've got the patch downloa
If you want to help Linux' adoption, STOP posting information on the exploits! Learn from Microsoft: hide your rotten eggs on Christmas, to be found on Easter.
Michael, get a clue and stop posting this stuff. Some people have pleasure on wreaking havoc on vulnerable computers, and you are no different than a terrorist if you say otherwise.
I am the nightmare of nightmares.
Linux is awesome
:)
Whoever found this must really know what they are looking for. Since it is local though, it just goes to show that strong passwords and encryption are essential, as well as physical box security so Th0Z L33t Hax0RS d0N'T Hax0r yEr B0X0r.
They've got a pretty good record. Unfortunately, kernel-level stuff is nasty -- how do you fix embedded devices?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
I'll shoot anybody who come 100 meters close to my machine*.
Now, that's security!
* May not be true
I need no exploit to gain root privileges, I just login...
It's a straight fight so far in the Privilege Escalation match in the past year, so let's look in on our contenders:
Windows (all versions) 100
Linux 1
It looks pretty bad for Linux until you consider that this game is scored like golf, and then it's all tears and jeers in Redmond.
Back to you, Cowboyneal.
(NB. I know there have probably been other Linux kernel exploits, but this is the first in recent memory.)
su
It is logical to think that a larger number of users will find a larger number of exploits and bugs. But will the ratio be less for Linux?
I just want to know if we would see more of these posts about linux exploits if linux had a bigger audience.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Merely one exploit for M$ is a goal they hope to achieve sometime before the sun turns into a red giant.
... if I forget my root password.
GETPKG - Package Management for Slackware
dude i'm not going to read all that crap. give me a freaking summary.
Is there ever a time when you can consider your systems secure against an attacker with physical access?
Is it just me, or does Linux really have daily exploits in contrast to Mac OS or the BSDs?
All the Linux zealots vs. all the MS zealots. When will everyone realize that humans are inherently flawed beings who produce inherently flawed products, from cars that run using fire and that rust, to operating systems chock full of flaws. Once Linux gains enough momentum and is deployed on a meaningful percentage of business users' desktops, hackers will deem it worthwhile to devote time to exploit it. It's absurd to think that any operating system is so head and shoulders above anything else. It's only a matter of time. Get off your soapboxes. Why is using MS Update any different than downloading this new Linux fix? The double standards on display at /. never cease to amaze me.
-r
sig pending
Obviously it is local if it is exploitable from the console. But can it be exploited remotely through ssh if one already has a user account?
The unofficial
Again?
Uptime sure ain't no argument when talking about Linux anymore
*patching servers*
Why is every Windows flaw merely a shell exploit, while this is a flaw IN THE LINUX KERNEL?
It's time to pull the blinders from your eyes.
I mean, just look at it... Windows gets exploited across their network facilities. Linux never does.
;-)
Who's smiling now, eh?!?
To Terminate, or not to Terminate, that's the question - SCSIROB
How do you fix embedded devices? Um... you mean how do you update/patch the code on the embedded device so that a local user can't escalate to root?
First of all, for many embedded devices, this isn't an issue. I mean, if you're an attacker, what are you gonna do once you get root? If the owner can't patch the OS, you probably can't install a rootkit either. Sure, you can DOS it, but if you're physically at the device, you can DOS it just by hitting the power button.
However, manufacturers of all embedded devices (not just Linux-based!) should definitely put a mechanism in place for updating the program code.
This is an exploit in the actual kernel itself. Windows flaws are either shell exploits or, more often, user-ran executable attachments which aren't Microsoft's fault. I repeat--flaw in the kernel itself. And it isn't the first one.
I know this isn't the popular, "funny" response on Slashdot where everything involving Linux is good (BSD is better anyway) and Microsoft is bad, but it's the truth.
and look at the amount of code it took. at least it aint javascript...
You are about to give someone a piece of your mind, something which you can ill afford...
I should mention that enabling ELF format is still highly recommended (after the patch for this is released of course) and unless you do special programming work in linux then enabling a.out format is not recommended.
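The comment above boils down to a kernel configuration check: ELF loader on, a.out loader off. The script below is an added example (not code from the advisory, the commenter, or any distribution) that classifies a Kconfig-style `.config` for `CONFIG_BINFMT_ELF` and `CONFIG_BINFMT_AOUT`; the sample configs it runs on are constructed, and the `/boot/config-<version>` and `/proc/config.gz` locations are assumed to be where a distribution exports the running kernel's configuration.

```shell
#!/bin/sh
# Added example, not code from the advisory or the commenter above.
# Classifies how a kernel .config handles the ELF and a.out binary-format
# loaders. Input is Kconfig-style text:
#   CONFIG_X=y   CONFIG_X=m   "# CONFIG_X is not set"

# binfmt_status <config-file> <CONFIG_NAME> -> prints builtin|module|disabled|absent
binfmt_status() {
    if grep -q "^$2=y\$" "$1"; then
        echo builtin
    elif grep -q "^$2=m\$" "$1"; then
        echo module
    elif grep -q "^# $2 is not set\$" "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# check_binfmts <config-file>: prints both loader states; exit status is 0 only
# when ELF is built in and a.out is disabled or absent from the config.
check_binfmts() {
    elf=$(binfmt_status "$1" CONFIG_BINFMT_ELF)
    aout=$(binfmt_status "$1" CONFIG_BINFMT_AOUT)
    echo "CONFIG_BINFMT_ELF=$elf CONFIG_BINFMT_AOUT=$aout"
    [ "$elf" = builtin ] && { [ "$aout" = disabled ] || [ "$aout" = absent ]; }
}

# running_kernel_config: print the path of the running kernel's config, if the
# distribution exports one (assumed locations: /boot/config-<ver>, /proc/config.gz).
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz > /tmp/running.config && echo /tmp/running.config
    else
        return 1
    fi
}

# Constructed sample configs (not from any real kernel build) for a stand-alone run.
good=$(mktemp); bad=$(mktemp)
printf 'CONFIG_BINFMT_ELF=y\n# CONFIG_BINFMT_AOUT is not set\nCONFIG_BINFMT_MISC=m\n' > "$good"
printf 'CONFIG_BINFMT_ELF=y\nCONFIG_BINFMT_AOUT=m\n' > "$bad"
check_binfmts "$good" && echo "sample 1: ELF on, a.out off"
check_binfmts "$bad" || echo "sample 2: a.out loader still enabled"
```

To check a live machine, run `check_binfmts "$(running_kernel_config)"`; an a.out loader built as a module is only inert until something loads it, which is why the script treats `module` as enabled rather than disabled. Disabling a.out does nothing for the ELF path of uselib(), so this is housekeeping alongside the kernel patch, not a substitute for it.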
"uselib" is a Linux-specific extension, and, as a result, has received much less real-world testing than traditional UNIX system calls. Keep in mind that the traditional UNIX system calls have received millions of man-years of real-world testing in large user communities likely to attempt both remote and local exploits. It is not surprising that Linux-specific extensions are at a much greater risk of containing serious security problems.
COPYING, DISTRIBUTION, AND MODIFICATION OF
INFORMATION PRESENTED HERE IS ALLOWED ONLY WITH EXPRESS PERMISSION OF
ONE OF THE AUTHORS.
Is it just me, or is this mind-bogglingly stupid? A security advisory which can't be redistributed freely? Imagine if the same approach was taken to important warnings in the real world -- "There's a tsunami heading towards you... but you're not allowed to redistribute this warning to all the people around you without my permission."
Security advisories should be in the public domain.
Tarsnap: Online backups for the truly paranoid
Right, let's compare the flaw in a single kernel versus the ENTIRE OPERATING SYSTEM of Windows, GUI, shell, and associated apps like Internet Explorer as well as user-ran executable attachments in Outlook, which have nothing to do with Microsoft.
What happened to all the "Linux is just the kernel" stuff? Oh, that's right, we were bashing Microsoft.
Besides, if you mean "past year" as 2005, then this means Linux is first out of the gate.
No local root exploits found! ;)
That's why I run FreeBSD
If we look at a standard office, the servers are normally under lock and key. If we look at a machine in your house, you probably lock your doors when you're not at home.
All in all, this is not even close to the problem MS has with their exploits.
I'm not a doctor, but I play one in bed.
The parent was modded as funny, but I have always wondered about a trojan that exploited sudo, possibly through a too-permissive NOPASSWD rule, or something that exploits the window where sudo doesn't prompt for a password.
(S(SKK)(SKK))(S(SKK)(SKK))
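The NOPASSWD worry in the comment above is easy to audit. The script below is an added example (not from the advisory or the commenter) that reads sudoers syntax and lists the active rules carrying a NOPASSWD tag, separating out the ones whose command list is `ALL`; the sudoers text it runs on is constructed, not any real site's file.

```shell
#!/bin/sh
# Added example, not from the advisory or the commenter above.
# Audits a sudoers file for NOPASSWD rules. Input is sudoers(5) syntax.

# nopasswd_rules <sudoers-file>: every active (non-comment) rule with a
# NOPASSWD tag, leading whitespace stripped.
nopasswd_rules() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -E 'NOPASSWD[[:space:]]*:' \
        | sed 's/^[[:space:]]*//' || true
}

# count_nopasswd <sudoers-file>: number of active NOPASSWD rules.
count_nopasswd() {
    nopasswd_rules "$1" | grep -c . || true
}

# unrestricted_nopasswd <sudoers-file>: the subset whose command list is ALL,
# i.e. password-less root for any command; these are the rules to fix first.
unrestricted_nopasswd() {
    nopasswd_rules "$1" \
        | grep -E 'NOPASSWD[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' || true
}

# Constructed sample sudoers (not a real file) for a stand-alone run.
f=$(mktemp)
cat > "$f" <<'EOF'
# constructed sample sudoers
Defaults    env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(root) NOPASSWD: /sbin/reboot
backup  ALL=(ALL) NOPASSWD: ALL
#alice  ALL=(ALL) NOPASSWD: ALL
EOF
echo "active NOPASSWD rules: $(count_nopasswd "$f")"
echo "unrestricted NOPASSWD rules:"
unrestricted_nopasswd "$f"
```

Run it against `/etc/sudoers` and any files it includes. A rule limited to one command is still a target for the kind of trojan the comment describes, but `NOPASSWD: ALL` removes the password prompt from every path to root, which is why the script singles it out.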
... distribution of local roots exploits is permitted if source code is included as required by the GNU GPL
Just skimming, and noticed the sample exploit code has a function __kcode() that contains a bunch of assembly stuff. Is this exploit portable to other archs?
It doesn't work on my Gentoo box running 2.6.9 so I'm safe. This machine will not be hacked.
It's a good thing I have telnet running on that box so that I could try it remotely though.
IP Therefore I am.
./test
child 1 VMAs 0
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xdf800000 - 0xfee67000
Segmentation fault
Same compile errors, tried with gcc-2.95 gcc-3.3.5 gcc-3.4.
... www.freebsd.org
apply it ASAP!!!
Look at the posts already written so far. They're all Microsoft bashes. In an article on a Linux root exploit, everyone is so defensive and hilariously predictable that they keep bringing up Microsoft, as though it's some sort of operating system penis contest.
"Linux root exploit in both 2.4 and 2.6? M$!!1 Just look at Microsoft! Don't criticize Linux; it is perfect. M$!"
Instead of a valid, calm, and rational discussion of this major security flaw in the Linux kernel, we get endless defensiveness and justifications. The complete opposite reaction, of course, when there's some new user-ran executable attachment that gets labelled a "Microsoft hole" by Michael.
This doesn't happen in the BSD world--when there's a flaw announced, everyone patches it and moves on. They don't spend their time making MORE Microsoft jokes. Yes, we know Windows has had its share of flaws. Take a look at its market share; it's the biggest beta test of all time. A fairer comparison would be comparing Linux/X-Windows/KDE/Mozilla to Windows, which would then bring things about even. But, conveniently, posts in this discussion aren't comparing evenly, ignoring the Mozilla vulnerabilities posted on the same front page today! Instead, we're getting Linux versus Windows comparisons, when Linux is just a kernel.
For the sake of being a mature technical community, let's keep the discussion on Linux for a change.
You can get your kernel update now!!! :)
www.freebsd.org
it also includes a whole OS!!!
This really does work!
1) Login with your userid
2) type 'su' at the command prompt
3) fill in root's password
4) ???
5) proceed to screw up your flaky linux install
Was Linux ever even meant to be secure locally? You can stick it in single user mode, or just nick the hard drive. Meanwhile IE is counting its 80th root exploit...
This comment does not represent the views or opinions of the user.
All your shell are belong to us.
Local means "has an account on the machine". It does not mean "physically at the computer". This can be exploited remotely by anyone with a login account on the machine who can login via ssh or telnet. If you're running, say, a university's Linux server, this is a major problem, as now all your students and professors have root.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
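The point above, that "local" means anyone with an account, is worth putting a number on. The script below is an added example (not from the advisory or the commenter) that reads passwd(5) format and lists the non-root accounts with a real login shell, which is the population that could run a local privilege-escalation exploit after logging in over ssh or telnet; the passwd lines it runs on are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory or the commenter above.
# Lists the accounts that count as "local" for a local root exploit: any
# non-root account whose shell lets it run commands. Input is passwd(5) format.

# shell_accounts <passwd-file>: usernames with a login shell, excluding uid 0
# and the usual non-login shells (nologin, false, sync). An empty shell field
# means /bin/sh to login(1), so such accounts are kept.
shell_accounts() {
    awk -F: '$3 != 0 && $7 !~ /\/(nologin|false|sync)$/ { print $1 }' "$1"
}

# shell_account_count <passwd-file>: how many such accounts there are.
shell_account_count() {
    shell_accounts "$1" | grep -c . || true
}

# Constructed sample passwd (not a real file) for a stand-alone run.
pw=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'bin:x:2:2:bin:/bin:/bin/false' \
    'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
    'alice:x:1001:1001:Alice:/home/alice:/bin/bash' \
    'bob:x:1002:1002:Bob:/home/bob:/bin/tcsh' \
    'carol:x:1003:1003:Carol:/home/carol:/usr/sbin/nologin' > "$pw"
echo "accounts able to run a local exploit: $(shell_account_count "$pw")"
shell_accounts "$pw"
```

Run it on `/etc/passwd` (or on `getent passwd` output where accounts come from NIS or LDAP) to see how many people the advisory actually concerns on a given server; on the university mail server the comment mentions, that number is the whole student body. Accounts that only need mail pickup can be moved to a non-login shell, which takes them out of this list without deleting them.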
On a Slashdot front page that posted three Mozilla vulnerabilities and an outright root exploit in the very Linux kernel itself, people will continue to pretend Linux and Mozilla are perfect and that Windows is the only operating system with security flaws.
These stories will quickly be forgotten and ignored amidst the groupthink in the echo chamber, and anyone who disagrees will get modbombed by trolls.
"Sufferin' succotash."
Isec.pl has done a lot for the open source world, they've found lots of vulnerabilities (which is good - vulnerabilities ARE like any other bug):
Take a look at the impressive curriculum of those guys:
d_path() truncating excessive long path name vulnerability
Linux kernel do_brk() lacks argument bound checking
Linux kernel do_mremap() local privilege escalation vulnerability
Linux kernel do_mremap VMA limit local privilege escalation vulnerability
Linux kernel setsockopt MCAST_MSFILTER integer overflow
Linux kernel file offset pointer races
Linux ELF loader vulnerabilities
Linux kernel IGMP vulnerabilities
Linux kernel scm_send local DoS
Linux kernel uselib() privilege elevation
Guess what, they're also the guys who discovered the Mozilla hole disclosed today: Heap overflow in Mozilla Browser NNTP code
Those guys are impressive. In particular, Paul Starzetz is the author of most of those kernel holes, along with a guy called Wojciech. They always contact the kernel maintainers before disclosing the vulnerability, etc. Basically, they're having the same effect as a security audit. Except that they're doing it for free, so they deserve respect, I think. And yes, Linux is having too many kernel-level vulnerabilities. More than XP if I'm counting them right. Perhaps someone should offer a job to those guys so they can audit parts of the kernel better.
(And I can understand that copyright policy - there're people who probably look at those announcements, ctrl+c and ctrl+v and they release their own announcement twisting dates claiming that they're the guys who found it first)
I remember recently reading that commercial software generally has several bugs (usually minor, not necessarily security holes) per 100 lines of code (a line being terminated with ;). I also recall reading a long time ago in PC World that Win 2K was about 16 million lines of code. XP being more or less a facelift to 2K, we can assume there may be 18-21 million or so lines of code. Based on 18 mil. and a very generous 2 bugs per 100 lines, in theory, Windows has approximately 360 000 bugs and holes of varying severity. Good job M$!!!
It's funny how all the 0.x versions of open source software I am running never seem to crash and burn like Windows (and commercial Windows software...3rd party developers make buggy software too).
A fix has already been posted.
Right, let's compare the flaw in a single kernel versus the ENTIRE OPERATING SYSTEM of Windows, GUI, shell, and associated apps like Internet Explorer
One of the key weaknesses of MS Windows is precisely that it is a huge unholy jumble of pieces. IE is an integral part of the OS, remember, Ballmer himself testified so.
This is exploitable by anyone with a local account on the machine, which includes those who can login over ssh. This affects literally thousands of servers. Now everyone with access to your Beowulf cluster has root on your Beowulf cluster. Every student that can login and use pine to read their email on your university's Linux email server now has root on the email server. Etc.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
why did they release exploit code before a fixed kernel was released and mirrored throughout kernel.org? and on a friday afternoon?
i'm not too impressed with the timing of this announcement, and i have to wonder what their motives were. it doesn't hurt their cause that slashdot is advertising for them.
please, people. there's no reason that a situation like this should ever happen.
2^5
If you access your box via telnet, you have other security issues to work on which are probably far more worrisome.
500GB of disk, 5TB of transfer, $5.95/mo
It's not a bug... it's a feature.
yep, "we were bashing microsoft". very perceptive. i bet you get paid to be perceptive.
this is slashdot.org, ran by Open Source advocates and frequented by a million Slashdotters. don't expect to sell many copies of XP around here.
true enough, Windows is an "ENTIRE OPERATING SYSTEM", as you so tactfully put. that is not our fault, sir.
besides, you are acting like there is some sort of comparison between the security of any GNU/Linux OS and a given Windows "OS", for lack of a better word. go click on your new spyware removal tool hahaha...
You are about to give someone a piece of your mind, something which you can ill afford...
Guess this will take some time to fix.
And when some third-party developers write buggy code, they really write buggy code. Remember "Pool of Radiance: Ruins of Myth Drannor"? Now that was a buggy game!
Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
These are exploits in the most basic portions, against which a sysadmin can do nothing other than keep on patching things. It's not like you could have tuned this system to make it very secure; no, no matter how carefully you (or your distributor) set it up, bang, a local exploit seems to be found every month or two.
I'm seriously considering going back to BSD (maybe Debian GNU/NetBSD?), which seems to have a much much much better security track.
It's the sysadmins of University email and webservers across the country going apeshit as suddenly the entire student body potentially has root...
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
It is important to know about, in my opinion. But that's just so we know we need to patch our kernels. Simply the fact that a root exploit has been found does not mean we should go about reposting the same types of stuff that has been posted endlessly before in similar articles on slashdot.
I prefer linux because it's free. It's also pretty stable and secure, which is nice. But I just like linux for what it is. I fear we are getting sidetracked in the "my OS has less exploits then yours, nanananaaaaa" childish type of fights.
I look forward to the updated kernel which will fix this issue for my distribution. Until then, I'm going to do some much needed maintenance on my box and barricade my room so no one but me can get in.... just kidding.
At least it's just a local exploit. Security at the keyboard is no problem here since it is in my private home, and only family members and myself have access to the localhost via keyboard & mouse...
let me know about remote exploits as these are the most important to broadband connected Linux boxen...
OpenBSD has the best track record of all operating systems in security.
I don't put Linux on my production machines for this very reason.
raw diffs for those brave souls who want them
Time flies like an arrow, fruit flies like a banana.
...am not scared whatsoever. Nope. Not even a little...
I had an imaginary sig once, he said I was a loser and ran off.
at this site.
but i tried the same on my RH 9 box, nothing. wouldn't compile or run the binary i compiled on RH 7.3
.cig
...though a bit big. www.openbsd.org
What news is this? There have been local exploits in the Linux kernel before, and there will be again. This is less news than the Debian break-in a while back - that was worth mentioning because a major Linux installation was compromised with an unknown kernel vulnerability. But come on! The last few 2.4 kernels (IIRC) have included patches to fix local root exploits. Marcelo didn't even rush those out the door. This exploit certainly doesn't seem especially unusual, nor was there an exploit in the wild.
Newsflash kids! Linux isn't perfect! Certainly not Linux specific API extensions like uselib. Move along, this isn't the kernel vulnerability you are looking for.
TO YOUR MOM!
Well, this is why FreeBSD tends to be better than Linux. You see, FreeBSD during the last few years has had much fewer kernel exploits than Linux...
Why is using MS update any different than downloading this new linux fix?
First and foremost, the terms to which you must agree before you download and install. The MS downloads and patches often come with "interesting" end-user license agreements. Meanwhile, with the Linux kernel download, you can do whatever you like, including (*gasp*) fix it yourself, if you have the ability.
Secondly, when you use Microsoft update, you don't know what is getting installed. With many things, like XP service pack 2, you get a lot of cruft that is useless.
As far as popularity being the #1 indicator for available exploits: if that were true, Apache would be the most-exploited web server, since it has 65%+ of the market. Unfortunately, that's not true. IIS has many more published exploits, in spite of the fact that the code for Apache is available for inspection by the black-hats.
There *is* such a thing as "being more secure." Yes, we can't be perfect. (In fact, I don't believe there is such a thing as perfection.) But that doesn't mean that one OS can't be objectively better than another.
Microsoft is to software what Budweiser is to beer.
All that this needs is to be combined with a vulnerability that grants remote access to a machine and you have a serious problem (provided that the remote access allows them to exploit this).
All flaws need to be fixed. Even ones you don't think are very important because they could be exploited together.
It doesn't matter how many holes Windows has compared to Linux. The exploits are usually scripted and tied to a port scanner. If you're vulnerable, you will be cracked.
That's why multiple levels of security are a Good Thing (tm). Defense in depth is the only way to go.
I am running 2.6.10 and I just get a segfault when running this. Anyone else get it to work?
Yep, a security flaw allowing unauthorized root access is undeniably embarrassing. It also seems that we Linux zealots suddenly have a life this weekend and aren't able to submit too many biased excuses for this /. news item. Oh wait, maybe our Firefox browser got hacked and we're just downloading/installing patches. A lot of bad Open Source news for an otherwise good weekend. Oh well, no OS is perfect.
They are "actively" seeking a new sponsor, might explain it...
So how does a university or comparable large organization with hundreds or thousands of users with shell access deal with a situation like this?
There is no patch for this yet right?
Thank God I run Firefox!
The difference between Microsoft and Linux: Microsoft is slow to fix vulnerabilities, denies they exist until they are fixed, and is pronounced market leader in the following of security teams and security packages that have been built upon it. The casual administrator, end-user, and overall critic looks at the honest state of security on Linux and considers that the number of lacking commercial and otherwise extant security software for Linux is an example of a flawed, young and short-lived software venture. We know the truth, but not the consumers; we work hand-in-ass with Linux's internals, and are the critics towards Microsoft because we don't know any honesty from Microsoft, because it's a deceptive market. Lies/deception is the quick profit; truth is slow to perceive and slow to cause anger, even if it takes ten years for Microsoft to leak an honest exemplary documentary of its past flawed model. But it doesn't matter, because it has the money and the force in both government, standards, and subscribers to turn the industry to any three-eyed whore of an OS it felches on the floor.
:)
:-)
Blockquoth.post.previous {
"Troll or not, not posting will just end up with more vulnerable boxes. Short-term vulnerability in return for media coverage and quick patching, or long-term vulnerability while those "in the know" freely exploit. Former, please.
} Blockquoth.post.previous
I rest this case.
I'm running Gentoo.. Where can I get the ebuilds for this?
=)
I don't know what sigma level Microsoft is at but with 2 defects per 100 is 360000 per 1,000,000 lines of code. That puts them at a sigma level between 3 and 4. The majority of software makers are below that. Yet if MS were six-sigma (they sell software that tracks it) they would have only 61 defects for those 18 million lines of code. NASA isn't six-sigma as there are only a few companies in the world that can achieve that kind of quality. It's like purifying gold - it gets exponentially tougher and tougher the purer you try to achieve.
Windows has approximately 360 000 bugs
Well based off of what you say, software is never improved nor fixed. Generally I'd say mature and tested software will have significantly LESS bugs than what you say. Note that a lot of crap qualifies as being a part of windows 2000, notepad, telnet, and a slew of other stuff no one knows what to do with. Some of this stuff has been dragged along since NT4 or earlier, so I would say that the core windows os has much less than 360,000 bugs, even if you do count the garbage with it. I'm also wondering if those bugs cover logic errors where all code is correct, but there are still problems between layers and modules. God knows windows' complexity breeds enough of that...
If a virus writer wrote a virus, obviously, that used this exploit to raise its permissions to root
Atmel, amongst others, produce encrypted RAM. If you don't have the key, you can't read the memory. That's pretty secure, if you ask me.
Any OS with B1 (or better) security has comprehensive mandatory access controls, so that if you DO find an exploit somewhere, it is still not possible to access other parts of the system. (B-class and A-class OS' do not "need" a system admin account, since you can define specialised pseudo users that can do exactly what is needed for a given task and no more.)
Then, there are systems like OpenBSD which have been audited to hell and back. OpenBSD has had one provably-usable exploit in living memory.
Then, you've various security software that's out there. eg: Using OTPs w/ S/Key or OPIE for passwords, enforcement of strong passwords, IPSec w/ strong host authentication on all network connections, etc.
In theory, there is nothing to prevent someone from combining all of these elements to produce a hardened OS that is impervious to both physical and logical attacks, both locally and remotely.
In practice, nobody would spend the time and/or money on that level of security for normal use. Ok, the NSA might, but that's not strictly "normal use". It's also unlikely they'd make such an OS readily available. (They've done wonders with SE-Linux, and the declassifying of Skipjack and SHA has made a world of difference in cryptography, but that's not quite the same as Open Sourcing a bullet-proof system.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This means only that it must be used in conjunction with a process that is exploitable. Let's say, for example, apache was running and there was an exploit available to it. Well, most people would say "oh well.... can't trash the whole machine, the apache user doesn't have the rights." Well once apache is compromised, they can likely find a way to inject the local exploit code for the apache user to run. Once that's accomplished, apache user becomes root user. From there, the machine is 0wned to borrow a word.
Yes it's serious but I expect a fix shortly...
Wow, I'm quite amazed at the amount of people who post here that don't know what is meant by a "local" exploit.
But I guess the good news is for every post who doesn't get it there are 4-5 people correcting them.
...for giving us dodgy code. ;)
Is there a similar test for this vulnerability for 2.6 and gcc v3.4.* out there yet?
child 1 VMAs 0
[+] moved stack bfffc000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xdf800000 - 0xfedc9000
Segmentation fault
May I recommend that you do not run this code if you cannot understand what it is doing.
For all we know, this is a social engineering trick to spread some malicious code. Let's wait until some official folks, eg. CERT or your vendor/distribution, respond. Do the people who released this code have some credibility that can be verified independently?
ato
Grsecurity and PaX report vulnerabilities
2.4.29rc1 ( http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.29-rc1.bz2) and 2.6.10-ac6 ( http://www.kernel.org/pub/linux/kernel/people/alan/linux-2.6/2.6.10/patch-2.6.10-ac6.bz2) fixed this exploit.
Never learn by your mistakes, if you do you may never dare to try again
That's the beauty of benchmarks like Six-Sigma. You can always pick something relatively meaningless, like Lines Of Code if you want to pad your score. Defects per functional point is probably a good deal more appropriate, but that's hard, so managers who want to think they're measuring something just stick with easy quantities like LOC.
I just wrote them down in this comment on the thread above... http://linux.slashdot.org/comments.pl?sid=135324&threshold=0&commentsort=0&tid=172&tid=106&mode=thread&pid=11291472#11291873
XP has had far fewer holes in the kernel. Most of the Windows holes are in the system services or in the apps - not in the kernel.
What is this? A troll fight I'm presuming. Have either of you ever examined MS source code?
Caesar si viveret, ad remum dareris.
I'd really like to know what's being done about this pitiful trend of Linux security, where it's 10x as easy to find a vulnerability in the kernel than it is in any app on the system, where isec releases at least one critical vulnerability for each kernel version.
And given his description of how he found these problems, plus his frustration about getting Linus and akpm to reply, his tone is even somewhat understandable.
I am unpatched ( at the moment ), but ultimately protected.
Why? My system has many different partitions, most of which have the no-exec flag set on mount. So, unless you are able to log in as someone other than yourself, AND that other account has some area to run executables, my system is safe. Not that I'm not going to patch it anyway.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
If you are paranoid, go with OpenBSD. Those guys rarely have exploits. If you're not paranoid, go with FreeBSD, linux, or whatever. Humans' coding can result in bugs/exploits. Since humans code all operating systems, there are going to be bugs/exploits. If you are paranoid, but don't want to go out of your way to be it, use FreeBSD or Linux, and remember to recompile your kernel (30 minutes maybe?) whenever there's a bug you're worried about.
BA
And my post is trolling how?
Yes I've looked over MS code and no I didn't find anything good or bad about it - mainly because I don't care.
While I can't justify the difference, I'll tell you that there is one if we don't see any regularly recurring network-borne auto-root that's so bad it threatens the top level domain servers. It's not like someone cracked kernel.org and owned it for three months injecting whatever they pleased into the codebase. One good explanation of the difference is that Marketing dorks who do little more than buy others' code can't maintain it properly.
Friends don't help friends install M$ junk.
There are no notable compile errors. The struct is named differently. Just change (line 425, I think)
static struct modify_ldt_ldt_s l;
to
static struct user_desc l;
And then everything should be good. It works well on SuSE (pass a -n 5 option) but I haven't gotten debian to work yet.
But does it run linux?
An OS is only as secure as the person who administrates the systems.
No time to RTFA, still at work. Can someone give me a technical summary of how this works? Just interested. Plus, you guys usually offer more useful/terse/comedic info than the bulletins.
They have an active Six Sigma group. How far along their work is, who knows.
If you don't own a SCO licence your users may be running a local root exploit illegally. Upgrade your OS! www.freebsd.org
rootexploit.c: In function `check_vma_flags':
rootexploit.c:530: warning: deprecated use of label at end of compound statement
What does this mean?
there is nothing in
www.TECHNETIUM.net.au
And my post is trolling how?
The lack of any actual facts, merely lots of conjecture, by both/all of you.
I can't find an analogous note in the 2.6 changelogs.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You rest nothing:
From the LWN security advisory:
Between December 15th and today, Linus has committed many changes to
the kernel. Between January 2nd and today, Andrew Morton has committed
several changes to the kernel. 3 weeks is a sufficient amount of time
to be able to expect even a reply about a given vulnerability. A patch
for the vulnerability was attached to the mails, and in the PaX team's
mails, a working exploit as well. Private notification of
vulnerabilities is a privilege, and when that privilege is abused by not
responding promptly, it deserves to be revoked.
Yawn, take your FUD elsewhere.
A lot of the companies involved in space hardware do really cool stuff. (No pun intended.
Change the location of _elf_lib to /tmp instead. That'll work.
I'm glad I upgraded to Fedora Core 3, and left SELinux running, despite the problems with MySQL. Even if you can get a root account, if you don't have the right roles, you are still locked in a tiny little box without a key.
The radical sect of Islam would either see you dead or "reverted" to Islam.
"NASA isn't six-sigma as there are only a few companies in the world that can achieve that kind of quality."
So which companies are six-sigma and what do they produce? IMHO any software "quality" standard that certifies companies rather than products is inherently flawed.
Of course the exploit sample code specifically says only tested on 2.4...
[joshuaa@nemo joshuaa]$ uname -a
Linux nemo 2.6.9 #1 SMP Tue Nov 30 15:21:17 PST 2004 i686 Intel(R) Xeon(TM) CPU 2.66GHz GenuineIntel GNU/Linux
[joshuaa@nemo joshuaa]$ gcc -v
Reading specs from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.4/specs
Configured with: [abbreviated]
Thread model: posix
gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
[joshuaa@nemo joshuaa]$ make test
gcc test.c -o test
test.c: In function `check_vma_flags':
test.c:545: warning: deprecated use of label at end of compound statement
[joshuaa@nemo joshuaa]$ ./test
child 1 VMAs 0
[+] moved stack bfffd000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xb5c00000 - 0xffffd000
[-] FAILED: open lib (/dev/shm/_elf_lib not writable?) (Permission denied)
Killed
Only 3.5 million? Don't they have tens of billions in the bank? They should donate maybe half a billion.
"It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
I got it to compile and run on Debian Sarge with gcc version 3.3.5, kernel 2.4.25-1-386, and it says it succeeded, but I'm still my normal UID, just drops me into a bourne shell:
It would be interesting to know what the score is for those using GRSecurity compiled in.
Non-related. XP users should not smile. DEP can be switched off or bypassed in a wink, or if the exploit exempts itself, prior to overflow tricks.
This is not a hole! This is wheel... if user is in wheel, of course he can access root... ppl don't put ppl on wheel for no reason... that is stupid... Paul Starzetz wants a lot of attention... wtf... a hole? That is stupid.
errm...
:D )
SElinux?
(don't even get started on the ease of setting policies for SELinux; you get off-topic: post the link of an MS equivalent, else you lose the argument)
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Second, it'll probably be patched rather quickly.
There is a preliminary patch in testing for the 2.4 series.
Look here.
The file is patch-2.4.29-rc1.bz2
Note that it's in TESTING, because it probably needs testing yet. But if you're desperate to patch it up quickly at your own risk, then there you go.
you dont need a local root exploit on Windows because everyone is root by default
Some drink at the fountain of knowledge. Others just gargle.
Something similar to the parent's reply, I didn't become root, but after about the 20th time of running it it crashed the machine, there goes 60 days of uptime.....
I've got a hardened gcc compiler on my main server, so I compiled on an unpatched machine (stock RedHat 9) and moved it over. Although the RedHat 9 exploit worked fine, my production machine was completely unaffected.
The solution? Grsecurity. Besides the fact that compiler access is restricted (can't compile exploits), and normal users cannot write anywhere executables are allowed to run (can't copy exploits from other machines), the address-based overflow protection and other protections work like a charm. I'll still apply the appropriate patches to my source tree, but it's nice not to need to do it _now_.
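A defender-side version of the "no-exec partitions" and "normal users cannot write anywhere executables are allowed to run" points made above, as an added example that is not code from the thread or from grsecurity: it takes a mount table in /proc/mounts format plus the directories an unprivileged user can write to, and reports the ones that sit on a mount without noexec, which is where a dropped helper like /tmp/_elf_lib or /dev/shm/_elf_lib could be loaded at all. The sample mount table and the paths /var/tmp and /home/alice are constructed for illustration.

```shell
#!/bin/sh
# Added defender-side check (not code from the thread or from grsecurity):
# report writable directories whose governing mount lacks the noexec option.
# The mount table written by write_sample_table is constructed sample data.

# Write a constructed /proc/mounts-style table to the file named in $1.
write_sample_table() {
    cat > "$1" <<'EOF'
rootfs / rootfs rw 0 0
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec 0 0
/dev/hda3 /tmp ext3 rw,nosuid,nodev 0 0
/dev/hda4 /home ext3 rw,nosuid,nodev,noexec 0 0
EOF
}

# Does mount point $1 contain path $2?  ("/" contains everything.)
mount_holds() {
    case "$1" in
        /) return 0 ;;
    esac
    case "$2" in
        "$1"|"$1"/*) return 0 ;;
    esac
    return 1
}

# audit_exec_writable TABLE_FILE DIR...
# Prints "DIR on MOUNTPOINT (options)" for each DIR whose governing mount
# (longest matching mount point; a later mount on the same point shadows an
# earlier one, as in the kernel) does not carry noexec. Safe dirs print nothing.
audit_exec_writable() {
    table="$1"; shift
    for dir in "$@"; do
        best=""; bestopts=""
        while read -r _dev mnt _type opts _rest; do
            [ -n "$mnt" ] || continue
            if mount_holds "$mnt" "$dir" && [ ${#mnt} -ge ${#best} ]; then
                best=$mnt; bestopts=$opts
            fi
        done < "$table"
        case ",$bestopts," in
            *,noexec,*) ;;   # nothing can be executed from here; not reported
            *) printf '%s on %s (%s)\n' "$dir" "$best" "$bestopts" ;;
        esac
    done
}

# Stand-alone demo against the constructed table: /tmp and /var/tmp are
# reported, /dev/shm and /home/alice are not. On a real host pass /proc/mounts
# and the world-writable directories found with: find / -xdev -type d -perm -0002
sample=$(mktemp)
write_sample_table "$sample"
audit_exec_writable "$sample" /dev/shm /tmp /var/tmp /home/alice
rm -f "$sample"
```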
Hear-say and conjecture are "kinds of evidence."
Segfaulted in sys_mmap2 when I tried it on a couple machines. For what it's worth.
TANSTAAFI: There Ain't No Such Thing As A Free iPod.
And since when is conjecture trolling? Unless using terms such as "Generally I'd say" and "I'm wondering" allude to "These are absolute facts". These statements are simply my opinion that the parent is probably not accurate based on my perceptions. Maybe windows has 360000 bugs, maybe 10 billion more - I highly doubt it and I doubt there are any facts to prove or disprove it either.
Reasonable- as long as they choose a very strong password and you have MAC filtering in your SSH to prevent other computers from logging in.
ssh postgres@target
Access denied for MAC 12:34:56:78:90:ab
>ip link set eth0 address ba:09:87:65:43:21
>ssh postgres@target
Access allowed for MAC ba:09:87:65:43:21
Password> *********
Ta Da!
I support the Center for Consumer Freedom
You failed to notice reference to two separate articles I had read in the past. I used the example of Microsoft Windows simply to demonstrate the amount of bugs that are possible in large scale projects.
I too doubt that Windows has 360 000+ bugs (I have no information to prove or disprove this). But even if Windows had 1/4 of the 2 bugs per 100 lines of code it would still be a significant amount. The point being that any large scale programming project will have more bugs than could possibly be patched (or even discovered) before the software is retired.
That explains all the dupe stories on slashdot...
Ouch.
What the fuck? It's completely their choice. They have no obligation to do anything of the sort.
The patch was posted on LKML at Jan 07 2005 - 18:19:17 EST. You can get it from there (of course, you can build your own kernel now, like I just did, or you can wait a few hours and download a freshly built, mass market kernel; don't worry about how to install it, just use apt-get or up2date or yum and let the system do the update for you). As this is a new kernel, you will have to warm start your computer. Sorry for all the Microsoft fanbois out there who wanted to say 'see, they have a bug'. Now they can only say 'see, they had a bug'. It was in the wild for what...4 hours?
..
Comment Read. There will be a delay before the comment seeps into your brain.
Actually copyrighting the exploit is kinda cool. Say you are an admin, and some kid gets fresh and tries this out. "Hey kid, not only am I nailing you to the wall for this, but I am turning you over to the guy who "owns" it and you get to pay him a nice fine." No, I think it is pretty hilarious that the code is copyrighted.
Sera
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
Fair enough, point taken. =)
I'm still not sure if I buy the 2 lines per 100 though. Because after you reach a certain point of complexity, it's hard to say if application 'x' has a function that calls 3-4 routines deep if they all do "what they're supposed to" and there was faulty logic in the model of the program itself. So I'd say it's hard to base bugs off of a raw code count. But then again I don't know because really understanding how a million lines of code is pretty far over my head.
Excuse me, but it's been in the wild since kernel 2.2 and JUST NOW documented in the widespread press. There is a difference.
Tell me, if Microsofts products suck so badly - how did they earn over $38 BILLION in revenue last year?
Oh yeah, "Marketing". And they have a "Monopoly" which forces everyone to pay them money every year somehow.
I forgot.
rebel-base:~$ ./elflbl
child 1 VMAs 0
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xff400000 - 0xffffd000
[-] FAILED: try again (Cannot allocate memory)
In the end I did a quick script and kept it running for 10 minutes. Always FAILED.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
That's the IE way, not nice
for all the people here is another exploit:
http://ko.librie.org/afunixroot.c
that will surely w0rk.
That's why I've been sticking with 2.0.36 all these years. I haven't seen a security advisory for it in ages.
Of course they don't. But they should do it anyway.
Yeah, it looked like it was going to crash mine for a minute there. My entire system hung for about 30 seconds before coming back to life. (Also Debian Sarge).
I've never bought into this Marketing argument. MS's marketing has about as much dazzle as Bill Gates' personality.
On the other hand, look at Apple. Jobs is charismatic and a master media manipulator.
If marketing was the key factor, Apple would be the one with the 90% market share instead of MS.
i'm getting the same segmentation fault as well.
2.6.9-gentoo-r13
I know how to become root if I need to be root. Not a big deal.
.
It was explained to me and it involves. .
I am not going to say.
It isn't the same thing as this.
Come on, don't we all know that if you are physically sitting at a machine you can do what you want if you know the secret ways to do it.
I won't tell you what they are.
This is so totally not like Windows, where you can bullox the thing from half way around the world with a single piece of spam.
Windows sucks. Linux rocks
All those MCSE dorks down the hall are gonna give me sh*t for the next week.
Reminds me of a punchline to my favorite Scottish joke:
"Aye, lad...ya screw ONE goat..."
I might know what I'm talkin' about, but then again, this is Slashdot...
Only to an Evolutionist.
That's why you should always put curly braces on their own lines, to increase your total lines of code. Helps achieve a more favorable sigma.
Shame on Google.
MS's marketing has about as much dazzle as Bill Gates' personality.
You are conflating "advertising" with the much broader term "marketing", which includes many more aspects of making a sale. For example, exclusive OEM bundle agreements are one aspect of aggressive marketing.
For high-budget corporate customers, an impression of "dazzlement" can be a negative, as it signals a product meant for artists and radicals.
Yes, Debian stable is no fun to run on your desktop. But for your servers and public area machines it's the best choice.
This post written under Gentoo-linux with an SCO IP license.
I expect they are just covering their asses against being sued for helping some kid take down google. If they prohibit modification/distribution then legally they are not providing something you can use in an exploit. If you are going to take down google with this, what the hell do you care about the copyright.
-- http://thegirlorthecar.com funny dating game for guys
Am I the only one who sees this as a reason to keep my roommate away from my comp and not worry about Gates invading my privacy?
Pls RTFM bfr cmmnt kthxby.
I had to add the flag -Dmodify_ldt_ldt_s=user_desc to the gcc command line to get this to compile on a Linux 2.6 system with vanilla kernel headers and a vanilla generic glibc 2.3 installation.
You can uninstall MSIE and most browsing components without affecting the windows shell at all. To fully uninstall all browsing components you do need to replace the shell with litestep or the windows 95 explorer (98 only). Both 98lite and xplite support fully uninstalling MSIE and all browsing components, even those needed for the default explorer.exe shell to work.
It's funny how all the 0.x versions of open source software I am running never seem to crash and burn like Windows (and commercial Windows software...3rd party developers make buggy software too)
I think it is a cultural thing. MS has lowered everybody's expectations far, far too much. Now many developers and users on Windows think that buggy and crashy code is acceptable.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Shouldn't that be TANSTAAFi?
Best Slashdot comment ever
The older servers still run Solaris on Sun hardware, but Sun hardware is just so much slower and more expensive than commodity x86 hardware that they've been migrating to Linux on x86.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
The entire point of the Unix account system is that you can give people accounts on your system with restricted privileges. As opposed to Windows, where (until recently) any user could touch anything, on Unix systems users can only touch certain things. Thus, you can safely give people accounts on, say, a compile-farm to run their code. Or a Beowulf cluster to run overnight simulations. All without them all having access to everyone else's accounts, or being able to mess up the server.
After all, if someone brought down all those linux servers they use for their website, it would be a bad thing (for them and their customers).
(Yes, I know that they only use linux for caching severs, but they still rely on them to handle the amount of traffic their website receives. And yes, I know it's a local one, so you'd need an account on the caching servers to do it... I'm just saying that I'm sure some execs at MS are probably a bit concerned.)
On a side note, I wonder how people with massive collections of high profile linux machines (like akamai) feel about a local exploit like this.
I'm running windo
I suspect that the shareholders would disagree !
Of course, by default the kernel isn't installed from a package so it won't update as part of the normal update/upgrade unless the user has installed a specific kernel image from apt before.
Sarge, aka Debian 3.1, is the codename of the next release... and like the other child poster said, they're named after characters in Toy Story.
For example, the development branch is called Sid, because Sid was the kid next door who broke the toys.
If you look at the Debian Archive you'll see old distributions included bo, buzz, hamm, rex and slink.
Ciao,
TSK (611371).
There are many major differences between that and the M$ crack. The most important being:
Please don't try to compare the Microsoft monoculture disaster to free software. You can't.
"For example, exclusive OEM bundle agreements are one aspect of aggressive marketing."
I'm not an expert so I can't judge if OEM bundle agreements should be classified as marketing. It sounds more like negotiation on the terms of a sale to me.
"For high-budget corporate customers, an impression of "dazzlement" can be a negative, as it signals a product meant for artists and radicals"
As far as advertising is concerned, IBM's services Ads on TV are far more interesting than anything MS has done and high-budget corporate customers are their bread-and-butter.
Good doG, can either of you two spell?
Why should I believe a word you two say, when you can't spell simple stuff like 'disclosure', 'full', 'correlation', or 'whether' right? Sheesh.
Is it that, while you've posted to this story from all three of your troll accounts, the only one not modded down is your rd_syinge account (too bad for your bonch account)?
You can complain all you want about the moderation system, but if it's truly reformed you won't be able to abuse it anymore with your multiple accounts. Why don't you stick that in your pipe and smoke it you smug, arrogant son-of-a-bitch!
but you still think it's safe to run a machine whose kernel you potentially may have fucked up?
I'm sure they would. That's part of why I hate capitalism. No I'm not a communist. I am a libertarian socialist.
What's particularly funny here is that you're asserting Microsoft has the "industry standard rate of bugs" and then (from your sarcasm) implying they're worse than average...
This is a perfect example of /. failing. This thread is next to useless for finding information related to fixing this problem, especially regarding the 2.6 kernel. So let me share (don't ask me why).
/ linux-2.6/2.6.10/
5 01071130.patch
What Alan Cox and Linus have to say on the subject:
http://kerneltrap.org/comment/reply/4503
Alan Cox already fixed it in 2.6.10-ac, I assume this to be as of ac6, but you should grab -ac10 (or whatever is the latest):
ftp://ftp.kernel.org/pub/linux/kernel/people/alan
This method is unlikely to make it into the mainline kernel.
grsecurity also fixes it, using do_brk_locked():
http://www.grsecurity.net/linux-2.6.10-secfix-200
This method is also unlikely to make it into the mainline kernel, but it should work fine.
Both of these "fixes" present their own set of problems; I am not familiar with the -ac patchset and it would be foolish to apply it to a production environment. The grsecurity "secfix" patch is specified for use _after_ applying the main grsecurity patch, so for those who don't use/desire it, it may pose a problem.
This is rather shameful, that an official patch does not exist days after the advisory was published. This is Microsoft bad, or worse! It makes Linux look like a toy, not a serious contender in the enterprise. SIGH
Must-not-watch TV!
Being setuid this cannot be subverted by using LD_PRELOAD or similar mechanisms to fool sudo into thinking it's running on an interactive terminal (or to inject characters into the input).
I think that covers everything.
HAND.
...if I wanted to use this on an account, I sure as hell wouldn't use my account. How easy is it to get someone else's (standard unprivileged account) at any school or university? Hint: Really easy.
Live today, because you never know what tomorrow brings
I don't think virus-writers need any more good luck... But local root vulnerability means they can only compromise a few tens of thousands of people at a time
Agreed with your point however he states "virus writers", which refer to one or one group of associated writers can compromise tens of thousands of people, in the context of "versus" rather than the whole internet, seems to imply 10,000+ machines not "user accounts" given the implicit design of "virii" (or more accurately worms) in their spread... if 10,000 users of one box are compromised ie, one rooted machine, then a worm/virus obviously is not the method in which this "spreads". It's simply the context in which he stated what he did. My statement suited my view of what he stated. Though I am fully in agreement that one box with X number of users is compromised, X number of people have been compromised since root can see all and use all of those accounts... robf();
OpenBSD (and NetBSD and FreeBSD) have a better security track record than Linux or Windows.
When OpenBSD people find a bug, they audit the code and look for other instances of the same flaw. The perfectionist attitude is quite refreshing.
The OpenBSD team is like a bunch of border collies, compulsively working to keep the rest of us safe.
I wish more people prioritized security over rich features and convenience (there isn't any real reason to do so). Thank goodness that the OpenBSD people do what they do! What a thankless job.
http://www.thebricktestament.com/the_law/when_to_
Shatter attacks.
A couple of years ago I identified that a worm was getting past a lot of virus software simply because it had CF/LF's at the end of each line instead of just CFs; they looked identical, but they were not, and virus software was missing the new "strain".
I emailed a well-known head of a well-known security mailing list, who just so happens to work for a private security firm. He congratulated me and thanked me for finding it. The next day I found an article where he was interviewed and said "I found..." and then pretty much word for word what I wrote in my email.
I was fucking pissed. The guy stole credit for my discovery, and I began to see why he was such an "expert" in the field.
I understand EXACTLY where this guy is coming from.
I know it's a joke and all, but the grandparent to your post defined lines as ending with a semicolon. So, where you put your braces wouldn't make a difference.
So how do you actually count lines? One statement = one line?
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Ah, but in that case, just replace all instances of ';' with ";;;;;;;;;;".
Alan Cox has a patch up for the 2.6.10 kernel, available here.
The file is patch-2.6.10-ac8.bz2 (or later).
This is also still considered "testing" until merged.
