Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel 2.6 Local Root Exploit

Posted by kdawson on Sunday February 10, 2008 @08:23AM from the batten-the-hatches dept.

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is millw0rm's proof-of-concept code.

3 of 586 comments (clear)

Min score:

Reason:

Sort:

Re:ssh by Unoti · 2008-02-10 08:44 · Score: 0, Flamebait

Oh sure, you're recompiling the kernel of your production environments from home. Hopefully, everything will go really well! Better hope it boots properly the first time! Or perhaps this is a normal procedure for you, and you can change kernels remotely easily when the system won't boot.
Re:But this can't be real! by SwashbucklingCowboy · 2008-02-10 09:31 · Score: 0, Flamebait

Nonsense-generalising makes the world go round.

You mean like how Linux zealots are constantly bashing Windows for "being bad"?
Re:Misleading by agurkan · 2008-02-10 10:35 · Score: 0, Flamebait

"Grow up, get a real job and see what the real world is like."

sounds like a bitter adult to me. some people are really happy staying as curious kids, compiling their kernel and do other stuff that is interesting to them, rather getting a "real job".

--
ato