Slashdot Mirror


Hole In Linux Kernel Provides Root Rights

oztiks writes with this excerpt from The H: "A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system. According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. ... Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole."

9 of 274 comments

  1. Re:Perhap the kernel's size is becoming too unweil by Anonymous Coward · Score: 3, Insightful

    And that has to do with Linux?... Oh that's right, nothing.

    Pointing at what other people are doing wrong so you can look better makes you look like an ass in the long run. People notice it. Stop doing it and worry about what you are doing...

    Root escalation is a serious issue but instead of figuring out 'hey how can we stop this from happening again' you are busy saying 'look see teh windowz sux'.

    uh ok...

  2. Re:But...but... by houstonbofh · Score: 3, Insightful

    Linux is better than Windows.

    better != perfect

  3. code comments? by Cyko_01 · Score: 5, Insightful

    > Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability

    and this, my friends, is why we add comments to our code

    1. Re:code comments? by Anonymous Coward · Score: 3, Insightful

      > and this, my friends, is why we add comments to our code

      It's also a good argument for regression testing.

  4. Re:Perhap the kernel's size is becoming too unweil by MichaelSmith · Score: 3, Insightful

    You're talking about git submodules and I'm gonna go ahead and guess that the answer you'll receive from the kernel folks about that is a big fat "no". Maybe if Git had usable project hierarchies, things might be different.

    Also to note: even Git can't fix stupid policy or stupid programming decisions.

    If ever there was a case of missing the forest for the trees, it's this right here.

    It's a bug tracking issue, not a version control issue.

  5. Re:Perhap the kernel's size is becoming too unweil by mysidia · Score: 3, Insightful

    1 reverted security patch is a mistake.
    2 reverted security patches is a major mistake
    3 unintentionally reverted critical patches in 6 months is a pattern of major fuck-ups.

    I'm not saying people don't make mistakes. Part of the purpose of version control is to prevent such accidental reversions.

    A pattern of reverting security changes, and not detecting those reversions before the software goes to world-wide release is pretty inexcusable, in most reputable development firms... people would get fired over this.

    I suppose an interesting characteristic of the OSS development module is you can't fire people for screwing up, because they're not paid in the first place, they can follow slipshod practices as much as they like, with 'accidental' reversions or other changes all over the place

  6. Re:Unit Tests by mysidia · Score: 5, Insightful

    The test doesn't have to detect exploitability, only that the bug is still present (or not).
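
Added example, not part of the thread and not kernel code: a simplified user-space model of the missing check described in the summary (a call number used to index a table without verifying it is in range), with a regression probe of the kind the comments above argue for. All names are hypothetical, and the guard slots are a constructed stand-in for adjacent memory so the model stays memory-safe.

```c
#include <errno.h>

typedef long (*handler_fn)(long);
typedef long (*dispatch_fn)(unsigned long nr, long arg);

#define NR_CALLS 2   /* valid call numbers: 0 and 1 */
#define NR_GUARD 2   /* constructed guard slots placed after the real table */

static int guard_hits;  /* counts dispatches that left the real table */

static long h_double(long a) { return a * 2; }
static long h_negate(long a) { return -a; }
static long h_guard(long a)  { (void)a; guard_hits++; return 0; }

/* Real table followed by guard slots. */
static const handler_fn slots[NR_CALLS + NR_GUARD] = {
    h_double, h_negate, h_guard, h_guard
};

/* Regressed form: indexes with whatever number the caller supplied. */
long dispatch_unchecked(unsigned long nr, long arg)
{
    return slots[nr](arg);
}

/* Fixed form: refuse numbers outside the table before indexing. */
long dispatch_checked(unsigned long nr, long arg)
{
    if (nr >= NR_CALLS)
        return -ENOSYS;
    return slots[nr](arg);
}

/* Regression probe: returns 1 if the range check is missing, else 0.
   It only requests the first number past the table; no payload involved. */
int range_check_missing(dispatch_fn d)
{
    int before = guard_hits;
    long rc = d(NR_CALLS, 0);
    return rc != -ENOSYS || guard_hits != before;
}

int main(void)
{
    /* Nonzero exit status if the fixed dispatcher ever loses its check. */
    return range_check_missing(dispatch_checked);
}
```

Wired into a test suite, the probe fails as soon as the check is reverted, without needing a working exploit.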

  7. Errare Humanum est by cyrilc · Score: 3, Insightful

    The fact that because we can't fire developers makes it an incentive to bad coding practices is not an argument:

    for some people (esp. Linux developers where pride is an important fuel to their creativity), being pointed out in public by such bad behavior is much worse than being fired in the equivalent closed software company.
    Moreover, you will never know how many developers in a closed model had turned a simple patch into a remote exploit and if the culprit was really fired afterward esp. if it's a core developer (the one that knows everything and that you can't fire).
    I think I can remember at least one Windows bug a few years ago that was very much like another that was closed, but there are so many 0-day and remote exploits that it becomes difficult to keep track.

  8. Re:Serve them right by Kymermosst · Score: 3, Insightful

    Linux is often the better choice for desktop usage when security is not an issue.

    Security is *always* an issue. Especially on the desktop. One merely needs to look at the large botnets comprised entirely of zombie Windows machines to understand why.

    --
    "Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.