Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel 2.6 Local Root Exploit

Posted by kdawson on from the batten-the-hatches dept.

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is millw0rm's proof-of-concept code.

6 of 586 comments (clear)

  1. Fuck, this is bad by ceeam · · Score: 0, Troll

    Linus's VM games strike again. Crap. Can we please have some stable kernels again? Any hope?

    In the mean time I only use FreeBSD for my servers.

    1. Re:Fuck, this is bad by mvdwege · · Score: 0, Troll

      Yes, we know you are l33t.

      Mart
      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
  2. Re:How do I get infected? by heinousjay · · Score: 0, Troll

    I'm hoping for your sake this was a troll, because the alternative is you're retarded.

    --
    Slashdot - where whining about luck is the new way to make the world you want.
  3. Re:Beauty of OSS by El+Lobo · · Score: 1, Troll
    And **how** in the world can you be sure that the thousand of users using this versiuon kernel:

    1) Know about the bug

    2) Can change/recompile the kernel

    3) Even know what a compiler is

    4) Even care to fix it thinking about "I'm using Linuzz, I'm invencible"

    That's the beauty of close Source. One Live Update service to fix them all. Not trolling. Just not everything is black and white. There are a LOT of shades of gray there in between.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  4. Re:Thank God by heinousjay · · Score: 0, Troll

    No, it's more like your inability to understand a simple distinction.

    --
    Slashdot - where whining about luck is the new way to make the world you want.
  5. Re:Misleading by ArbitraryConstant · · Score: 0, Troll

    Of course, if you're hand-compiling everything, you won't have time to apply a patch every time an exploit is discovered in something you do need. You'll be less secure unless you have implausibly large amounts of time to track and maintain everything.

    It's not blindly using vendor binaries, there's nothing blind about it. It's a very explicit cost/benefit analysis. Those vendor binaries save time upfront with the install, they save time with patches and upgrades, they vastly increase the number of servers an admin can maintain, and they make support with whatever vendors you're dealing with much easier.

    --
    I rarely criticize things I don't care about.