Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel 2.6 Local Root Exploit

Posted by kdawson on from the batten-the-hatches dept.

aquatix writes "This local root exploit (Debian, Ubuntu) seems to work everywhere I try it, as long as it's a Linux kernel version 2.6.17 to 2.6.24.1. If you don't trust your users (which you shouldn't), better compile a new kernel without vmsplice." Here is millw0rm's proof-of-concept code.

1 of 586 comments (clear)

  1. Re:Beauty of OSS by El+Lobo · · Score: 1, Troll
    And **how** in the world can you be sure that the thousand of users using this versiuon kernel:

    1) Know about the bug

    2) Can change/recompile the kernel

    3) Even know what a compiler is

    4) Even care to fix it thinking about "I'm using Linuzz, I'm invencible"

    That's the beauty of close Source. One Live Update service to fix them all. Not trolling. Just not everything is black and white. There are a LOT of shades of gray there in between.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!