Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel 2.6 Local Root Exploit

Posted by kdawson on Sunday February 10, 2008 @08:23AM from the batten-the-hatches dept.

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is millw0rm's proof-of-concept code.

3 of 586 comments (clear)

Min score:

Reason:

Sort:

Re:Buggy Code by Kreigaffe · 2008-02-10 08:39 · Score: 0, Offtopic

I'm sorry, but your OS has caught teh A1DZ

--
... still waiting for this free-as-in-beer free beer I keep hearing about. :|
Re:But this can't be real! by ceeam · 2008-02-10 09:18 · Score: 0, Offtopic

Y'know - Windows is bad not only because it has "defects" but primarily, IMO, because it's so weak, it's basically defective by design with no hopes of fixing. For example - when it's gonna have a real filesystem with name/file (or inode if you like) separation? So I can do updates of things without reboots? So I can rename/replace/delete the file even if it's (gasp) opened or if some other process has CWD in the directory I want moved/deleted?

Or ulimits? Will Windows ever have those? How do you even run any real server without ulimits?

Etc...
Re:But this can't be real! by LingNoi · 2008-02-10 09:45 · Score: 0, Offtopic

Stop trolling and flamebaiting.