Weakness In Linux Kernel's Binary Format

← Back to Stories (view on slashdot.org)

Weakness In Linux Kernel's Binary Format

Posted by ryuzaki0 on Tuesday October 3, 2006 @10:50AM from the get-right-on-this dept.

Goodfellas writes, "This document aims to demonstrate a design weakness found in the handling of simply linked lists used to register binary formats handled by the Linux kernel. It affects all the kernel families (2.0/2.2/2.4/2.6), allowing the insertion of infection modules in kernel space that can be used by malicious users to create infection tools, for example rootkits. Proof of concept, details, and proposed solution (in PDF form): English, Spanish.

11 of 281 comments (clear)

Min score:

Reason:

Sort:

1 meg PDF? by Lehk228 · 2006-10-03 10:52 · Score: 4, Funny

yes, a pdf linked from slashdot will last a long time...

oh wait it's already gone

--
Snowden and Manning are heroes.
1. Re:1 meg PDF? by Kingrames · 2006-10-03 11:20 · Score: 2, Funny
  
  Let's hope it didn't contain the malicious code. You know someone thought of it.
  
  --
  If you can read this, I forgot to post anonymously.
Too bad you have to be root. by czehp · 2006-10-03 10:54 · Score: 5, Funny

OMFG! I have a security flaw... but you have to be _root_ to execute it! AHHHHH It's the end of the world!

I discovered a new one too... if you run rm -rf / as root you'll bork your system!

We should all go back to windows, where rm doesn't exist ^_^
And? Hol-e terror. by Anonymous Coward · 2006-10-03 11:00 · Score: 3, Funny

"Yes, look for these sorts of things and find them but it's hardly worth the shock-factor of "Massive Hole Found In Linux" panic headlines."

If I found Goatse.cx in Linux? I'd panic too.
simply by Anonymous Coward · 2006-10-03 11:30 · Score: 5, Funny

simply linked list

As opposed to difficultly linked lists?
Weakness In Linux Kernel's Binary Format by nick_davison · 2006-10-03 11:46 · Score: 5, Funny

A weakness in the binary format? OK, who's to blame here, the ones or the zeroes?

You'd have thought they'd have caught this sooner. It's not like it's that long of a list to exhaustively test.
1. Re:Weakness In Linux Kernel's Binary Format by a.d.trick · 2006-10-03 13:11 · Score: 2, Funny
  
  It's not the individual 1's and 0's. It's when they get together that you start to see problems. You wouldn't believe the horrible things that can happen when you get a horde of 1's and 0's together.
2. Re:Weakness In Linux Kernel's Binary Format by eggoeater · 2006-10-03 13:15 · Score: 2, Funny
  
  Binary! BAH!!
  
  I've always said if you want a secure kernal, you code it in analog format.
  
  --
  $7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
Re:Probably none. by TeraCo · 2006-10-03 12:08 · Score: 4, Funny

but this is both time consuming and impossible
Phew, I'm glad it's not just impossible. That might have been risky.

--
Not Meta-modding due to apathy.
Re:Probably none. by BJH · 2006-10-03 13:56 · Score: 1, Funny

That already exists on Linux - the key combo is Ctrl+Alt+Backspace. You will be presented with an prompt for your username and password which cannot be replicated in the standard user interface.
Once again... by Anonymous Coward · 2006-10-04 06:36 · Score: 1, Funny

Every few months, yet another news story appears which earns Linux their true slogan:

"Linux: got r00t?"