Slashdot Mirror
Local Privilege Escalation On All Linux Kernels
QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"
sudo
Please, this is a _local_ privilege escalation. It's not like code red infecting your box remotely. A sledgehammer is also a local privilege escalation.
uh huh..and the 8 years it took to discover don't matter, eh?
If this were Windows, we'd first hear about it when our machines get owned by some malware, and then it would take months for a patch to be released. Since this is Linux, expect a fix in a week or less.
How can you trust that a user hasn't used a privilege escalation to install a rootkit already? You can't trust apt-get, or yum, or anything.
Fresh install time, surely? Back to the bare metal.
Expect a source fix with no regression testing in a week or less. Wait months for the big distribution makers (RedHat, Novell) to release it to the masses.
Expect people manually rebuilding their kernel in panic, having machines rendered unbootable because they decided the 250$ bucks for the iLO Advanced license wasn't worth it since Linux never crashes, etc. pp.
Face it: IT sucks. The OS matters little.
Does this mean that Linux was never more secure than Windows--only more obscure?
It's hardly obscure since they could look and find it, evidenced by the fact they found it.
Go try that with the Windows kernels!
In addition, there is already a patch out for this, which by end of the week will be pushed down from the distro managers. We don't have to wait years after finding it for the fix to be released, as Microsoft historically does.
In fact, why just assume this similar bug is NOT in the windows kernel? Did you check? Did any reputable security company check?
I'm not saying it is there, only that you can't easily prove otherwise.
*that* is the security being spoken of.
As far as I know, only one OS claims no exploits, and that is OpenBSD.
The transparent thing works both ways... it's easier for black hats to find holes too, by your own logic. And they can keep it secret and exploit it as long as they can. A similar bug existing in Windows doesn't prove anything and is irrelevant here. After all 'M$ can't code shit'. Linux and FOSS is commonly claimed to be more secure because of it's development model and bug free here in these parts. Any data that runs counter to this is routinely downplayed by commenters and moderators... just like your post got modded up.
This space for rent.
Also, did you bother reading what this exploit does? It is very bad because it allows user programs to gain administrator privileges. This is insecure because it puts Linux in a category that's as insecure as all pre-vista windows computers and also the UAC-enabled-because-else-it-is-useless vista and 7 computers. That's the problem here, it moves Linux to a windows state...
Finally, it is easier to find flaws in Linux, this increases the chances blackhats found bugs, but it also increases the chances someone else will find it in paralel, preventing your hypothetical situation...
Ironically, it is because of some artificial obscurity that this bug was present and took so long to find. Most vulnerabilities aren't caused by obscure optimization issues, and are findable in source code, those were a non-issue thanks to the lack of obscurity. So this actually proves obscurity != security.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
nobody (the apache account) is a local user.
Security through obscurity does mean the thought that that as long as no one knows about it, it's not an issue. Being open source doesn't make you immune to this. What would make you immune to this would be formal testing and security audits of every component, like is done on things like the space shuttle. This is generally prohibitively expensive for situations where actual life and limb danger isn't a factor, which is why no commonly used operating system implements this strict security level. Sure, having a lot of eyes looking at the Linux kernel helps (and it eventually worked in this case) but just being open source doesn't mean it's secure.
Local exploit in kernel + arbitary code execution exploit in network service = remote exploit.
You know, like running WordPress.
It would be quite an accomplishment to introduce a remote exploit directly in the kernel.
Parent is not a troll. Local Exploit still means a bug in firefox can leave your box totally "PWND!" A local exploit is more dangerous for a desktop computer than a server. but is still a very real concern.
How much local privilege escalation vulnerabilities normal windows users worry about?
They probably don't worry about it at all because the vast majority of Windows users log in and run with an administrative level account in the first place.