Kernel Exploit

Chat about Linux in general

Kernel Exploit

Postby eeezzzeee on Mon Jul 20, 2009 12:42 pm

Not sure where to post this, or if this has been posted already, but read this and thought it I may as well post it to let people know its out there.
According to the article it seems to be a pretty impressive one that can bypass SElinux and apparmor
http://news.zdnet.com/2100-9595_22-322456.html
"If it's stupid and it works.... it's not stupid"
User avatar
eeezzzeee
Level 3
Level 3
 
Posts: 160
Joined: Sun Feb 10, 2008 9:28 pm

Linux Mint is funded by ads and donations.
 

Re: Kernel Exploit

Postby Husse on Mon Jul 20, 2009 2:12 pm

Luckily this does not affect Mint as it is for kernel 2.6.30 and 2.6.18 but it is impressive....
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Kernel Exploit

Postby AK Dave on Fri Jul 24, 2009 6:35 pm

As far as I can tell, the "exploit" requires the user to execute code at root privs.

"the exploit uses the Linux compiler to overcome the security features"
Translation:
If you compile code with this exploit, you'll have a binary that rootkits your system.
If you install someone else's binary, which most of us do, and the exploit is already written into the code, the binary rootkits your system.

All of this requires executing at root privs in the first place, either to install the package or or compile. Or it requires you allowing remote login of other users who have already exploited your ssh.

Here's where I see a potential for this exploit:
On a system with multiple user access accounts, so not your typical home user linux install, where you might have several people logged in at once. So more your academic or business type install. Where individual users, without root access, can compile and execute their own code. J Random Luser compiles code with this exploit, and thereby rootkits the system to gain greater access.
User avatar
AK Dave
Level 6
Level 6
 
Posts: 1042
Joined: Wed May 14, 2008 3:39 pm
Location: Anchorage, AK USA

Re: Kernel Exploit

Postby DrHu on Fri Jul 24, 2009 10:57 pm

Husse wrote:Luckily this does not affect Mint as it is for kernel 2.6.30 and 2.6.18 but it is impressive....

I take that as being TRUE..
--except for the later kernel updates from Ubuntu..

AK Dave wrote:If you compile code with this exploit, you'll have a binary that rootkits your system.
If you install someone else's binary, which most of us do, and the exploit is already written into the code, the binary rootkits your system.

All of this requires executing at root privs in the first place, either to install the package or or compile

So, since we have to/might have to install software or system updates (mintupdate)
--it probably needs fixed fairly soon..

They are on it.

http://patchwork.kernel.org/patch/36060/
http://kerneltrap.org/mailarchive/git-c ... 16/6213673
https://bugs.launchpad.net/ubuntu/+sour ... bug/403647
User avatar
DrHu
Level 16
Level 16
 
Posts: 6624
Joined: Wed Jun 17, 2009 8:20 pm


Return to Chat about Linux

Who is online

Users browsing this forum: No registered users and 4 guests