Slashdot Mirror


Linux Kernel 2.6 Local Root Exploit

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is milw0rm's proof-of-concept code.

11 of 586 comments

  1. The sound you hear... by downix · · Score: 5, Funny

    And the next sound you shall hear are millions of nerds rushing into their offices to compile a new kernel on a Sunday afternoon... along with the millions of cell phones ringing as the bosses read this...

    --
    Karma Whoring for Fun and Profit.
  2. jessica_biel_naked_in_my_bed.c ? by Anonymous Coward · · Score: 5, Funny

    I strongly suspect this code doesn't do what it says on the tin.

    1. Re:jessica_biel_naked_in_my_bed.c ? by LiquidCoooled · · Score: 5, Funny

      That's because you are compiling it with the wrong target.

      You need to include justin_timberlake.h and link it with the millionaires library.

      --
      liqbase :: faster than paper
    2. Re:jessica_biel_naked_in_my_bed.c ? by BJH · · Score: 5, Funny

      realdoll_and_a_tube_of_lube_on_my_inflatable_mattress.c ?

  3. Thank God by Zoxed · · Score: 5, Funny

    Phew, lucky I run MS Windows then !!

    1. Re:Thank God by Anonymous Coward · · Score: 5, Funny

      That's like finding out there's a new 24-hour flu going around, and thanking God the AIDS will kill you first.

    2. Re:Thank God by monkeySauce · · Score: 5, Funny

      Phew, lucky I run MS Windows then !!

      I know what you mean. It's nice not having to freak out periodically like this since you live in a constant state of panic anyway.
  4. Re:Misleading by fo0bar · · Score: 5, Funny

    This is not a universal problem. It only occurs for those kernels with a specific function compiled in that most installations won't need, and which halfway decent sysadmins won't have as part of the kernel anyhow when they don't need it.

    Yet another good example of why you shouldn't hire the sysadmins who blindly use what the vendors ship, but security and performance minded sysadmins who reduce installations to what's actually needed.

    Which reminds me, have you done your emerge -abuop6QvvvvVVvVVxz world yet today?
  5. Re:Beauty of OSS by caluml · · Score: 5, Funny

    I don't think I'm the first of us to say "Ah shit".

    No, you are, you really are! Google confirms it!

    Your search - "Ah shit" - did not match any documents.
  6. Re:Misleading by BasharTeg · · Score: 4, Funny

    Quick, cue the Linux apologists! Damage control! Spin it! Only noobs and bad administrators would be affected!

  7. Re:Beauty of OSS by LizardKing · · Score: 4, Funny

    However, bricks = shat.

    Come on now, that simply assigns shat to bricks (and that's some nasty use of the comma operator to separate statements). I think you meant:

    while (exploitable) {
        Bricks *bricks = malloc(sizeof(Bricks));
        shit(bricks);
        sleep(1);
    }

    Note that we don't have to dispose of the bricks we shit, as that's taken care of elsewhere. And of course, if we all still wrote VAX assembler we would be able to optimise this by using the SHTBRCKS instruction.