Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Privileges Through Linux Kernel Bug

Posted by timothy on from the who-needs-windows? dept.

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

8 of 131 comments (clear)

  1. Re:Linux! "It just works!" by Anonymous Coward · · Score: 1, Interesting

    Indeed, 5 years old and no exploit. Patched several years ago by the distros. The question is why didn't it get back into the kernel tree.

  2. Re: Ask the Kernel Overlords by xiando · · Score: 4, Interesting

    Why not ask the kernel developers? Nah, I'm not just joking, don't ask those nutjobs anything, they'll just freak out and start yelling at you.

    I've seen many similar statements, so there may be some truth to this, but my experience is that they give you a short-as-possible only-most-relevant question such as "Can you bisect?" or reply like "Patch rejected: missing signoff". It appears their time is very valuable or they have to pay $5 pr. typed letter.

    --
    9/11: Never forget it was a false-flag operation
  3. Re:Ummmmm, a local exploit. by Beelzebud · · Score: 2, Interesting

    If it's a non-story then why did Linus patch it today? Apparently he didn't agree with your flippant way of looking at OS security.

  4. Re:Nothing to see here.... by jittles · · Score: 4, Interesting

    My guess would be an oversight at kernel.org. I submitted a kernel patch to the USB HID driver back in the days of 2.6.10 and 2.6.13. The driver was incorrectly suspending its state (I can't remember what it was doing off the top of my head) while it held onto a spinlock. The result was 100% CPU utilization when you called certain ioctls made available by the driver. The patch didn't make it in until 2.6.17 if I recall correctly, and not until someone with a name submitted a patch for it.

  5. Re: Ask the Kernel Overlords by smash · · Score: 3, Interesting

    So, only 6 years late then? SuSE just went way up in my book.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  6. Compare to Apple... by Myria · · Score: 2, Interesting

    Compare this to Apple, which still hasn't fixed my Darwin kernel ring 0 exploit, which I reported in June.

    It's x86-only, so no, it can't be used for the second step of an iPhone jailbreak. =(

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  7. Re:Nothing to see here.... by LinuxIsGarbage · · Score: 2, Interesting

    How great does the serial console work if the system won't boot?

  8. Re:you didn't do it right by Anonymous Coward · · Score: 1, Interesting

    "...the correct procedure is to keep pestering the maintainer..." wow, THAT's a screwed up procedure. If I go through the effort of identifying a flaw and submitting a patch and the maintainer doesn't acknowledge my existence, the hell I'm going to keep pestering him...

    I mean THAT's the reality of it, it isn't that the maintainer just misplaced the e-mail. E-mails from Linus don't get accidentally misplaced. So why should e-mails reporting and fixing vulns get misplaced? It's BS and it's a little elitist club, and that needs to be fixed, rather than the submitter needing to dedicate his/her life to getting listened to by the members of the elitist club.