close

Privacy guaranteed - Your email is not shared with anyone.

"Longstanding Root Access Vulnerability" Say it Ain't So!

Discussion in 'Tech Talk' started by Pierre!, May 15, 2013.


  1. Pierre!

    Pierre!
    Expand Collapse
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,951
    137
    Location:
    Lovin Sparks Nv!
  2. Detectorist

    Detectorist
    Expand Collapse

    Joined:
    Jul 16, 2008
    13,806
    3,137
    Location:
    Missouri
  3. Pierre!

    Pierre!
    Expand Collapse
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,951
    137
    Location:
    Lovin Sparks Nv!
    Yes, this we know... Just odd to find out that such a "hardened" OS would be this vulnerable.
     
  4. Linux3

    Linux3
    Expand Collapse

    Joined:
    Dec 31, 2008
    1,399
    0
    Sigh...
    This is only true if;
    1) It is a local user compiling the hack. Doesn't work over a network. As a Senior Network Admin I never, never give local users the rights to compile on their systems much less a server. Dah!!!

    AND

    2) If you have compiled a kernel using the 'PERF_EVENTS' option. Rare, very rare.

    Just point me to ONE system in the wild that actually has been cracked by this.

    You Windows people just can't accept that you have a bad O.S. that you have to blow up such non-events as this.

    Get real, potential for cracks is not the same as the 100's of million Windows systems that make up the bot'nets of the internet.
     
  5. Pierre!

    Pierre!
    Expand Collapse
    NRA Life Member

    Joined:
    Jun 20, 2003
    3,951
    137
    Location:
    Lovin Sparks Nv!
    hey, Hey, HEY...

    I was simply drinkin the 'ARS Technica' Koolaid...

    Thanks for the education anyway... (LOL)

    L8ter...
     
  6. harrygunner

    harrygunner
    Expand Collapse

    Joined:
    Sep 4, 2010
    578
    28
    Interestingly, all the Redhat Enterprise 6 clones (CentOS and Scientific Linux) we run have PERF_EVENTS selected in kernels. Fortunately, our servers provide services and not set up for users.

    The thing I like about Linux is how quickly a fix shows up. One could either patch and rebuild their kernel or upgrade to a patched kernel within days of this coming to light. The May 16 RHEL 6 kernels '2.6.32-279.22.1.el6.x86_64' are patched.

    This laptop is running kernel 3.9.2 that came out May 11 and it's patched.

    This one was easy to patch, but difficult to stop with the usual precautions. For example, if the exploit could be written in Perl, a non-root user could run 'perl expliot.pl' in a /home directory that is mounted 'noexec'. SELinux would not have stopped it either.

    It's better to have lots of eyes looking at openly available source code. That actually makes it harder for exploits to exist for long.

    Linux is not perfect, but I prefer it a thousand times over Windows.

    Edited to add: This one may not have been "long standing". It was back-migrated to older kernels. That gave the appearance it has been around since the introduction of those older kernels. So, while the potential existed, new kernels were patched within days of the existence of a practical exploit.
     
    #6 harrygunner, May 19, 2013
    Last edited: May 19, 2013
  7. WiskyT

    WiskyT
    Expand Collapse
    Malcontent

    Joined:
    Jun 12, 2002
    11,682
    1
    Location:
    North Carolina