Bug In Most Linuxes Can Give Untrusted Users Root
Red Midnight and other readers brought to our attention a bug in most deployed versions of Linux that could result in untrusted users getting root access. The bug was found by Brad Spengler last month. "The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution... doesn't properly implement that protection... The... bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. ... [Spengler] said many other Linux users are also vulnerable because they run older versions or are forced to turn off [mmap_min_addr] to run certain types of applications." The Register reprints a dialog from the OpenBSD-misc mailing list in which Theo de Raadt says, "For the record, this particular problem was resolved in OpenBSD a while back, in 2008. We are not super proud of the solution, but it is what seems best faced with a stupid Intel architectural choice. However, it seems that everyone else is slowly coming around to the same solution."
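The whole mitigation discussed above comes down to one question: can an unprivileged process map a page at virtual address 0, which is what an exploit for a kernel NULL pointer dereference needs in order to control what the kernel finds there? The sysctl value alone does not answer it, because the check is enforced through the kernel's security hook and a process holding CAP_SYS_RAWIO (e.g. root) bypasses it, and because a distribution can ship the sysctl and still not enforce it in practice, which is the RHEL situation the summary quotes. The following program is an added example written for this page (not code from the Register article, from Spengler, or from any distribution): it reads /proc/sys/vm/mmap_min_addr, then actually attempts the mapping and reports whether the kernel refused. The 4096-byte page size and the file path are assumptions of the example; run it as the unprivileged user you care about, not as root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed page size for the probe; the kernel rounds the request anyway. */
#define PAGE_ZERO_LEN 4096UL

/* Parse the decimal contents of /proc/sys/vm/mmap_min_addr ("65536\n").
 * Returns -1 on malformed input or a negative value. */
long parse_mmap_min_addr(const char *text)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno != 0 || end == text || v < 0)
        return -1;
    return v;
}

/* Read the kernel's advertised lower bound for user mappings.
 * Returns -1 if the file cannot be read (non-Linux, restricted /proc). */
long read_mmap_min_addr(void)
{
    char buf[64];
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_mmap_min_addr(buf);
}

/* Try to place a private anonymous page at virtual address 0, exactly what
 * a NULL-dereference exploit does before triggering the kernel bug.
 * Returns 1 if the mapping succeeded (it is unmapped again before returning),
 * 0 if the kernel refused; *err receives the errno of a refusal, else 0. */
int can_map_page_zero(int *err)
{
    void *p = mmap((void *)0, PAGE_ZERO_LEN, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;
        return 0;
    }
    *err = 0;
    munmap(p, PAGE_ZERO_LEN);
    return 1;
}

/* Verdict: the mitigation is only effective if the sysctl is non-zero AND
 * the kernel actually refused the mapping. A non-zero sysctl with a
 * successful mapping means the number in /proc is not being enforced for
 * this process (capability bypass or a security module that does not honour it). */
int page_zero_protected(long min_addr, int mapped)
{
    return min_addr > 0 && !mapped;
}

int main(void)
{
    int err = 0;
    long min_addr = read_mmap_min_addr();
    int mapped = can_map_page_zero(&err);

    if (min_addr < 0)
        printf("mmap_min_addr: unreadable\n");
    else
        printf("mmap_min_addr: %ld\n", min_addr);

    if (mapped)
        printf("mmap(0) SUCCEEDED: page zero is mappable by this user\n");
    else
        printf("mmap(0) refused: %s\n", strerror(err));

    int ok = page_zero_protected(min_addr, mapped);
    printf("verdict: %s\n", ok ? "page-zero mappings blocked" : "NOT protected");
    return ok ? 0 : 1;
}
```

Build with `cc -o probe probe.c` and run it as a normal user; a refusal with EPERM is the expected result on a distribution that enforces mmap_min_addr. A successful mapping, or an exit status of 1 while the sysctl reads 65536, is the condition the summary describes as leaving the NULL dereference exploitable. Note that the probe only tells you whether the mitigation is in force; it does not tell you whether the kernel itself still has the bug, which is fixed only by updating.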
I say "I'd rather pay nothing for bugs like this than $400 for all the same borkedness in Server 2008"
Actually, I was not trolling. Put simply, if this EXACT BUG was discovered in Windows, OS persons would be jumping about like grasshoppers that THIS could never happen in OS software, MS is EV1L etc. Yet here we are, and several releases later, only NOW is this bug discovered... The Many Eyes theory looks weak...
Editors, why troll by quoting the vocal spokesperson of a different OS to comment on a Linux problem?
I want to delete my account but Slashdot doesn't allow it.
Linus was upset that someone was basing a modern OS on BSD. boo-hoo. Solaris still innovates more than Linux, all Linux does is try to replicate commercial functionality in "Open Source". The case can be made that the OpenBSD project has had more innovation(openssh, CARP, etc.) than Linux.
I could say "The... bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature."
I could compare the average time to fix a critical bug between the two platforms.
I could point out that we will never know what bugs Microsoft is sitting on without reporting.
I could point out how Windows servers just don't seem to work well if they aren't rebooted regularly while Linux boxes just seem to go until the hardware wears out.
I could point out that my wife's Vista box is 2 to 4 times faster than my Gentoo box in just about all hardware stats and yet I usually get about 10 times the framerate in games with 3D graphics.
I could point out all the hardware (printers, scanners, etc...) my Windows using friends and relatives threw out because there were no Vista drivers.
I could point out the ease of installing software with a good package manager.
I could talk about the wealth of free software available for Linux (yes, some of it has Windows ports).
I could mention the price of Windows, or the prices of most of the popular software that most Windows users claim they need Windows for. (not really relevant when most people pirate it anyway though)
I might go on and on telling all sorts of true stories about Windows vs Linux but who would really want to read them.
This ^ What Blueskies says. Everyone in the freaking world needs to take a breath or ten, and THINK about - wait now - NOT the bugs, or even how many bugs, but HOW THE BUGS ARE HANDLED!!
I'm a recent convert to Linux, TBH. I've only been running it for about 5 years. Almost every month, I stumble over some article about a flaw in Linux. Yes, sometimes I get that almost juvenile sinking feeling, "OH NOES, DA PENGUIN IS FORKED NOW!!"
But, with every bug reported, there is a VISIBLE community effort to FIX THE BUG!!
Let's just suppose that starting today, 50 new bugs are reported in Linux and Linux apps every single day for a YEAR. Just suppose that 25% of them are serious bugs. I will STILL FEEL SAFER with Linux than with Windows. Why, you ask? See that last one-sentence paragraph. With Windows, they often fail to acknowledge that there IS a bug. When they do admit, "There's a bug!", there is no obvious, visible effort to fix the bug. Oftentimes, you can't tell that the bug HAS BEEN fixed. If it is ever fixed, the fix is kinda snuck into the system through automatic updates. THEN, you have to worry if the fix might break something else. Remember Windows XP SP3 and the endless reboot cycle? It bit me on two machines.
Open source is great. It's - uhh - what's the word I want - oh - OPEN!!! Someone says, "Hey, Linus, I think the kernel might be a little borked here." To which Linus responds, "Show me. Hmm, yeah, maybe it is - let's work on it."
Yes, I feel good about Linux - bugs and all. I know that if I ever get smart enough to show Linus a trick or something, he'll say "Thanks, dude!" Windows? Phhht. Show them something they don't know about their operating system, they're as likely to charge me with a trumped up crime for illegally reverse engineering, as anything.
Maybe that penguin doesn't rule, but you can trust the little bastard.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br