Slashdot Mirror


Linux Kernel 2.6 Local Root Exploit

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is milw0rm's proof-of-concept code.

14 of 586 comments

  1. The sound you hear... by downix · · Score: 5, Funny

    And the next sound you shall hear are millions of nerds rushing into their offices to compile a new kernel on a Sunday afternoon... along with the millions of cell phones ringing as the bosses read this...

    --
    Karma Whoring for Fun and Profit.
  2. jessica_biel_naked_in_my_bed.c ? by Anonymous Coward · · Score: 5, Funny

    I strongly suspect this code doesn't do what it says on the tin.

    1. Re:jessica_biel_naked_in_my_bed.c ? by LiquidCoooled · · Score: 5, Funny

      That's because you are compiling it with the wrong target.

      You need to include justin_timberlake.h and link it with the millionaires library.

      --
      liqbase :: faster than paper
    2. Re:jessica_biel_naked_in_my_bed.c ? by BJH · · Score: 5, Funny

      realdoll_and_a_tube_of_lube_on_my_inflatable_mattress.c ?

  3. Thank God by Zoxed · · Score: 5, Funny

    Phew, lucky I run MS Windows then !!

    1. Re:Thank God by Anonymous Coward · · Score: 5, Funny

      That's like finding out there's a new 24-hour flu going around, and thanking God the AIDS will kill you first.

    2. Re:Thank God by monkeySauce · · Score: 5, Funny

      Phew, lucky I run MS Windows then !!

      I know what you mean. It's nice not having to freak out periodically like this since you live in a constant state of panic anyway.
  4. Re:Misleading by fo0bar · · Score: 5, Funny

    This is not a universal problem. It only occurs for those kernels with a specific function compiled in that most installations won't need, and which halfway decent sysadmins won't have as part of the kernel anyhow when they don't need it.

    Yet another good example of why you shouldn't hire the sysadmins who blindly use what the vendors ship, but security and performance minded sysadmins who reduce installations to what's actually needed.

    Which reminds me, have you done your emerge -abuop6QvvvvVVvVVxz world yet today?
  5. Re:Beauty of OSS by caluml · · Score: 5, Funny

    I don't think I'm the first of us to say "Ah shit".

    No, you are, you really are! Google confirms it!

    Your search - "Ah shit" - did not match any documents.
  6. Re:Misleading by BasharTeg · · Score: 4, Funny

    Quick, cue the Linux apologists! Damage control! Spin it! Only noobs and bad administrators would be affected!

  7. Re:Before the inevitable occurs: by QuantumG · · Score: 3, Funny

    Yeah, this is an example of one of the millions of Linux kernel holes there are out there. Every now and then, a blackhat gets a job and wants to impress his employer so he pulls out some of his old code and polishes it up. You can tell when it happens because they are so childish that they make the exploit trivial to demonstrate and distribute it far and wide. And you just know that every blackhat who had a variant of this exploit in their personal collection are like "well thanks asshole, now I've got one less Linux kernel exploit.. bastard."

    --
    How we know is more important than what we know.
  8. Re:ssh by Wakko+Warner · · Score: 3, Funny

    Thankfully, nobody runs Linux on enterprise-class hardware.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  9. Re:Beauty of OSS by LizardKing · · Score: 4, Funny

    However, bricks = shat.

    Come on now, that simply assigns shat to bricks (and that's some nasty use of the comma operator to separate statements). I think you meant:

    while (exploitable) {
        Bricks *bricks = malloc(sizeof(Bricks));
        shit(bricks);
        sleep(1);
    }

    Note that we don't have to dispose of the bricks we shit, as that's taken care of elsewhere. And of course, if we all still wrote VAX assembler we would be able to optimise this by using the SHTBRCKS instruction.

  10. Re:Beauty of OSS by XenoPhage · · Score: 3, Funny

    So while it may not be difficult to spot some wayward code if you are a geek, it might not be if you are a 65 year old hippie who knows almost nothing about computers.

    What does RMS have to do with this?
    --
    XenoPhage
    Technological Musings