close

Privacy guaranteed - Your email is not shared with anyone.

"Longstanding Root Access Vulnerability" Say it Ain't So!

Discussion in 'Tech Talk' started by Pierre!, May 15, 2013.

  1. Pierre!

    Pierre! NRA Life Member

    4,025
    189
    Jun 20, 2003
    Lovin Sparks Nv!
  2. Detectorist

    Detectorist

    15,126
    4,241
    Jul 16, 2008
    Missouri

  3. Pierre!

    Pierre! NRA Life Member

    4,025
    189
    Jun 20, 2003
    Lovin Sparks Nv!
    Yes, this we know... Just odd to find out that such a "hardened" OS would be this vulnerable.
     
  4. Linux3

    Linux3

    1,399
    0
    Dec 31, 2008
    Sigh...
    This is only true if;
    1) It is a local user compiling the hack. Doesn't work over a network. As a Senior Network Admin I never, never give local users the rights to compile on their systems much less a server. Dah!!!

    AND

    2) If you have compiled a kernel using the 'PERF_EVENTS' option. Rare, very rare.

    Just point me to ONE system in the wild that actually has been cracked by this.

    You Windows people just can't accept that you have a bad O.S. that you have to blow up such non-events as this.

    Get real, potential for cracks is not the same as the 100's of million Windows systems that make up the bot'nets of the internet.
     
  5. Pierre!

    Pierre! NRA Life Member

    4,025
    189
    Jun 20, 2003
    Lovin Sparks Nv!
    hey, Hey, HEY...

    I was simply drinkin the 'ARS Technica' Koolaid...

    Thanks for the education anyway... (LOL)

    L8ter...
     
  6. harrygunner

    harrygunner

    578
    28
    Sep 4, 2010
    Interestingly, all the Redhat Enterprise 6 clones (CentOS and Scientific Linux) we run have PERF_EVENTS selected in kernels. Fortunately, our servers provide services and not set up for users.

    The thing I like about Linux is how quickly a fix shows up. One could either patch and rebuild their kernel or upgrade to a patched kernel within days of this coming to light. The May 16 RHEL 6 kernels '2.6.32-279.22.1.el6.x86_64' are patched.

    This laptop is running kernel 3.9.2 that came out May 11 and it's patched.

    This one was easy to patch, but difficult to stop with the usual precautions. For example, if the exploit could be written in Perl, a non-root user could run 'perl expliot.pl' in a /home directory that is mounted 'noexec'. SELinux would not have stopped it either.

    It's better to have lots of eyes looking at openly available source code. That actually makes it harder for exploits to exist for long.

    Linux is not perfect, but I prefer it a thousand times over Windows.

    Edited to add: This one may not have been "long standing". It was back-migrated to older kernels. That gave the appearance it has been around since the introduction of those older kernels. So, while the potential existed, new kernels were patched within days of the existence of a practical exploit.
     
    Last edited: May 19, 2013