Linux Kernel 2.6 Local Root Exploit

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is millw0rm's proof-of-concept code.

For those that would rather write than read.

[delire]

This is a local exploit in that kernel version range, in other words instigated by someone at a keyboard connected to the host and with an existing user account on the machine.

Re:Buggy Code

[Kreigaffe]

I'm sorry, but your OS has caught teh A1DZ

Re:But this can't be real!

[ceeam]

Y'know - Windows is bad not only because it has "defects" but primarily, IMO, because it's so weak, it's basically defective by design with no hopes of fixing. For example - when it's gonna have a real filesystem with name/file (or inode if you like) separation? So I can do updates of things without reboots? So I can rename/replace/delete the file even if it's (gasp) opened or if some other process has CWD in the directory I want moved/deleted?

Or ulimits? Will Windows ever have those? How do you even run any real server without ulimits?

Etc...

Re:Actual trial of the exploit.....

[larry+bagina]

nah... this is a nasty hole.

Re:Beauty of OSS

[dotancohen]

Wow... 3 posts before some twat turned it into a platform for bashing Windows.

Pretty good. That's 2 more posts than I expected when I read the headline... Yeah, my wife also complains that I get to the point rather quickly. I know you girls hate that.

Re:But this can't be real!

[LingNoi]

Stop trolling and flamebaiting.