Hole In Linux Kernel Provides Root Rights
oztiks writes with this excerpt from The H:
"A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system. According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. ... Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole."
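As an added illustration of the missing check the excerpt describes (this is not code from the article or from the kernel; the table contents, handler names and syscall numbers are invented), here is a toy 32-bit emulation dispatcher in C. It indexes a handler table with a caller-supplied 32-bit number, first in the unchecked form the report describes and then with the range check in place, plus a small self-check that only confirms out-of-range numbers are rejected rather than attempting anything else.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of a 32-bit compatibility syscall layer: a table of
 * handlers indexed by syscall number. Entries are invented for illustration
 * and do not correspond to the kernel's real table. */
typedef long (*compat_handler_t)(long arg);

static long sys_getpid_stub(long arg) { (void)arg; return 4242; }
static long sys_echo_stub(long arg)   { return arg; }

static const compat_handler_t compat_table[] = {
    sys_getpid_stub,   /* invented number 0 */
    sys_echo_stub,     /* invented number 1 */
};
#define NR_COMPAT_SYSCALLS (sizeof(compat_table) / sizeof(compat_table[0]))

/* The flaw the article describes: the emulation layer uses whatever number
 * userspace supplied as a table index and never asks whether that number is
 * inside the table. An out-of-range value makes it call through a pointer
 * read from beyond the table, which is undefined behaviour, so this variant
 * is shown for comparison and deliberately never called. */
long compat_dispatch_unchecked(uint32_t nr, long arg)
{
    return compat_table[nr](arg);
}

/* Hardened dispatcher: the number arriving from the 32-bit register is kept
 * unsigned and compared against the table size BEFORE it is used as an
 * index. Anything outside the table gets -ENOSYS, exactly like a system call
 * that was never implemented. */
long compat_dispatch(uint32_t nr, long arg)
{
    if (nr >= NR_COMPAT_SYSCALLS)
        return -ENOSYS;
    return compat_table[nr](arg);
}

/* Regression check: it does not try to exploit anything, it only confirms
 * the bounds check is present. Returns 1 if every probe is handled safely,
 * 0 otherwise. Probes are constructed: the first and last valid numbers, one
 * past the end of the table, and the largest 32-bit value. */
int compat_table_bounds_ok(void)
{
    if (compat_dispatch(0, 0) != 4242) return 0;
    if (compat_dispatch(1, 77) != 77) return 0;
    if (compat_dispatch((uint32_t)NR_COMPAT_SYSCALLS, 0) != -ENOSYS) return 0;
    if (compat_dispatch(UINT32_MAX, 0) != -ENOSYS) return 0;
    return 1;
}

int main(void)
{
    int ok = compat_table_bounds_ok();
    printf("syscall table bounds check: %s\n", ok ? "present" : "MISSING");
    return ok ? 0 : 1;
}
```

The point of keeping the number unsigned and comparing it against the table size, rather than trusting the register contents, is that the check covers every value the 32-bit caller can produce, including ones that would wrap to a negative index if the number were treated as signed somewhere along the way.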
That's why those of us in the know stick to the 8-bit Linux kernel.
For those who compile from source, here is the patch:
---kernel.c
+++kernel.c
@@ -1,1 +1,1 @@
- void goatse(long cx) {
+ void goatse(int cx) {
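Review bot: narrowing the parameter of goatse() from long to int does not add the range check the excerpt says is missing; a caller-supplied syscall number still has to be compared against the table size before it is used as an index, and no such comparison appears in this hunk. The type change also alters the function's signature without any caller being updated in the patch.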
The change from long to int closes the massive hole.
You're talking about git submodules and I'm gonna go ahead and guess that the answer you'll receive from the kernel folks about that is a big fat "no". Maybe if Git had usable project hierarchies, things might be different.
Also to note: even Git can't fix stupid policy or stupid programming decisions.
Root is a privilege, not a right.
You can get a patch here.
No, Linux sucks, but it sucks a lot less than Windows. I mean, the "fix" is already out. My update reminder has been sitting in the taskbar ever since I woke up. Every time my mouse rolls over my autohidden taskbar, I get a flash of red to remind me about the kernel update. I've ignored it, because the exploits are simply not deployed. Unlike Windows, where there are thousands of exploits deployed, some of them sitting on servers waiting for the opportunity to do a "drive by" installation. When it is convenient for me to do so, I'll download the update, and apply it.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Ubuntu, at least, has already released the patch as a kernel upgrade; it was fixed early in the week so I presume most other distros have too.
Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability
and this, my friends, is why we add comments to our code
The test doesn't have to detect exploitability, only that the bug is still present (or not).
cd /usr/src/linux &&
grep -ilE 'super.?user' `find . -iname '*.[ch]'`
arch/avr32/mm/cache.c
arch/h8300/include/asm/cachectl.h
arch/ia64/kernel/unaligned.c
arch/m68k/include/asm/cachectl.h
arch/m68k/kernel/sys_m68k.c
arch/parisc/hpux/sys_hpux.c
arch/x86/kernel/apm_32.c
arch/x86/kernel/ioport.c
drivers/char/apm-emulation.c
drivers/char/rio/errors.h
drivers/char/rio/rioctrl.c
drivers/net/wireless/airo.c
drivers/scsi/megaraid.c
drivers/scsi/megaraid/megaraid_mm.c
drivers/staging/vt6655/iwctl.c
drivers/staging/vt6656/iwctl.c
fs/cachefiles/daemon.c
fs/ext4/mballoc.c
fs/fcntl.c
fs/namei.c
fs/ntfs/super.c
fs/smbfs/file.c
fs/ubifs/budget.c
fs/ufs/ufs_fs.h
fs/unionfs/sioq.c
fs/utimes.c
fs/xfs/quota/xfs_qm.c
fs/xfs/quota/xfs_qm_syscalls.c
fs/xfs/xfs_quota.h
include/linux/acct.h
include/linux/dqblk_xfs.h
include/linux/fd.h
include/linux/keyboard.h
include/linux/random.h
include/linux/sched.h
include/linux/shm.h
include/net/sock.h
kernel/kexec.c
kernel/sys.c
kernel/sysctl.c
kernel/time/ntp.c
mm/mempolicy.c
mm/migrate.c
mm/oom_kill.c
net/core/dev.c
net/core/sock.c
net/netlink/af_netlink.c
net/netrom/af_netrom.c
(full disclosure: I also piped it through |sed -e 's/^\.\///g' for formatting purposes (slashdot puts it all on one line if the lines begin with ./ for some reason) and |sort because I'm just like that)
The revolution will not be televised... but it will have a page on Wikipedia