Slashdot Mirror


Root Privileges Through Linux Kernel Bug

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

5 of 131 comments

  1. Ummmmm, a local exploit. by Anonymous Coward · Score: -1, Flamebait

    But that would indicate the attacker has access to the machine, and once that happens it's a lost cause regardless. This is a non-story.

  2. Re:Nothing to see here.... by Anonymous Coward · Score: -1, Flamebait

    Maybe Linus is applying for some Apple job and wanted to show that he would fit well there.

  3. Wow! Linux is really Secure. by Anonymous Coward · Score: -1, Flamebait

    I thought only Microsoft wrote Bugs and Linux has no security holes.

    What happened?

    Look at this graph: http://linuxinsecurity.blogspot.com/

    Certainly, someone is wrong!

  4. Re:ZOMG!!! by Anonymous Coward · Score: -1, Flamebait

    You both eat dicks. Sad you fucks can't afford a real computer.

  5. Re: Ask the Kernel Overlords by buchanmilne · Score: 0, Flamebait

    So, only 6 years late then? SuSE just went way up in my book.

    SuSE just went way down in my book, to join the "we-don't-upstream" vendors such as Canonical.

    Really, there may have been an excuse for not upstreaming this during the Linus-doesn't-scale period, but other distros have explicit "patch-review-in-order-to-upstream" initiatives; this one should have been caught by SuSE some time in the last 6 years, and reviewed by their kernel maintainers, and re-submitted.