Slashdot Mirror


No ELF Vulnerability in 2.6 Kernel

gaijincory writes "Greg KH, the co-maintainer of the 2.6 kernel has posted a comment on lwn.net confirming that there is indeed no such ELF vulnerability as spelled out by Paul Starzetz on isec. The bug was originally thought to be particularly nasty, allowing a malicious user to gain elevated privileges using a carefully crafted binary which would exploit the kernel's Executable and Linking Format. The bug's author confirmed that no one has been able to repro the exploit."

5 of 86 comments (clear)

  1. No ELF vulnerability eh? by NightWulf · · Score: 4, Funny

    What about the DWARF and GNOME vulnerabilities though? Eh where's your answer now Greg?

    1. Re:No ELF vulnerability eh? by CamilaAcolide · · Score: 4, Funny

      Ahhh, just like old times... "MY DWARF IS GONNA DEBUG THAT ELF!" "OK, ROLL 1D20" ... "YOU MISSED, THAT ELF HAS NO VULNERABILITIES!!"

  2. The bug's author? by Looke · · Score: 5, Funny
    Who's "the bug's author"? He who discovered it or he who wrote the code?

    "I'm a bug author. Today I've written five bugs!" Sounds like a nice career choice ...

  3. As an Elf... by Zakabog · · Score: 4, Funny

    Speaking for myself, and elves everywhere, this is great news. I can finally use my favorite OS without worrying about any attacks I'm opening myself to.

  4. Re:Why so confident? by maxwell+demon · · Score: 4, Funny

    Hmmm ... this gives me an idea. You can extend a file from the shell by using the >> operator on it. Maybe I might be able to double my memory for free by just doing cat /dev/kmem >> /dev/kmem.

    This technique could have other uses as well. Your hard disk is too small? Well, double your hard disk space with cat /dev/hda >> /dev/hda. You can even make a floppy as large as your hard disk by typing cat /dev/hda >> /dev/fd0!

    Well, actually I think I'll make my main memory and disks grow infinitely:

    cat /dev/zero >> /dev/kmem & cat /dev/zero >> /dev/hda &

    SCNR :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.