Slashdot Mirror


Linux X.org Critical Security Flaw Silently Patched

eldavojohn writes "On June 17th, the X.org team was notified by Invisible Things Lab of a critical security flaw (PDF) that affected both x86_32 and x86_64 platforms. The flaw deals with escalated privileges of a user process that has access to the X server. The founder of ITL said of the flaw, 'The attack allows an (unprivileged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn't take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system.' This has apparently been a security flaw since kernel 2.6 was released. From the article, 'On 13 August, Linus Torvalds committed an initial fix, but several patches were added afterward for various reasons. The problem has been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.'"

7 of 259 comments

  1. How much more 'silent' was than other bugs? by master_p · Score: 4, Insightful

    Do the Linux developers put a news announcement out every time there is a bug and they forgot about it this time?

    Isn't it a little sensational to imply that Linus and the other people didn't want this bug to be known because they fear Linux will be characterized as buggy?

    1. Re:How much more 'silent' was than other bugs? by stagg · Score: 4, Insightful

      I'd rather hear about a flaw like this after the fact, frankly. I don't think an unpatched exploit needs the kind of publicity that /. would get it.

    2. Re:How much more 'silent' was than other bugs? by ultranova · Score: 3, Insightful

      For example, is a bug that corrupts one's filesystem less critical than a bug that allows unauthorized access?

      More importantly, is there a difference? Red Hat 9 had - and perhaps distros still have - this nice system where cron would, once a day, run programs dropped into a directory in /etc with root privileges. Very useful for various packages that required periodical maintenance; but if a filesystem corruption bug would allow one to link an arbitrary file to those directories...

      A bug means that a system behaves in a way it shouldn't. There's always the chance that such unplanned behaviour can be used by an attacker to do nasty things. There is no difference between security critical and other bugs, there's only bugs with known exploits and bugs without. Every bug is a chink in the armor, and every kernel bug should be considered security-critical.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. Is this news? by mspohr · Score: 4, Insightful

    Isn't this the way it's supposed to work?

    1. Bug found, responsible parties notified

    2. Bug fixed and software updated

    3. We are protected from potential future attacks. (Profit!)

    Was there an actual attack? No.

    --
    I don't read your sig. Why are you reading mine?

    1. Re:Is this news? by jpapon · Score: 3, Insightful

      Must be a slow day. Conspiracy articles about HAARP causing Moscow to burn, and an article about a security flaw that has been fixed. Fascinating stuff... What's next?

      --
      -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain

  3. Re:Convenient by NNKK · Score: 4, Insightful

    Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

    What rock have you been living under?

  4. Re:There's still a hole. by scribblej · Score: 3, Insightful

    I wouldn't put X11 on a production server in the first place. Why would you?

    Assuming you're not serving X11, I mean.