Stable and unstable kernel releases

[Posted February 11, 2008 by corbet]

There has been a set of stable kernel releases (2.6.22.18, 2.6.23.16, and 2.6.24.2), all of which fix the recently disclosed splice() security hole. This vulnerability is an easy root exploit on any of the affected systems (almost every kernel from 2.6.17 on), so applying the fix would be a good thing to do.

Meanwhile, Linus has closed the 2.6.25 merge window and released 2.6.25-rc1. It is a huge patch. Among many other things, 2.6.25 will have realtime group scheduling, preemptible RCU, LatencyTop support, a bunch of ext4 filesystem enhancements, the controller area network protocol, Atheros wireless support, the reworked timerfd() system call, the page map patches, the SMACK security module, the container memory use controller, the ACPI thermal regulation API, and support for the MN10300/AM33 architecture. See the short-form changelog for lots of details, or the long changelog for more detail than anybody can cope with.

Superb Fast splice() Fix.

Posted Feb 12, 2008 0:12 UTC (Tue) by brianomahoney (guest, #6206) [Link] (2 responses)

Let me thank Greg K-H and the stable team for their
timely work, it maintains the Very High standard of
professionalism that we have come to expect.

I smell a FUD campaign, there have been too many FOSS
exploits in the news in recent days so I hope:

(i)  Following Linus' and Andrew's comments we get more
     introspection/testing

(ii) PJ keeps an eye out

we are due for more anti-Linux reports.

Brian

Superb Fast splice() Fix.

Posted Feb 12, 2008 12:24 UTC (Tue) by nowshining (guest, #50466) [Link] (1 responses)

the patch for 2.6.24.2 that I used didn't update the version number, it just stayed at
2.6.24.1 and i had to try re-patching a second time to get it to work, anyway my kernel
reports 2.6.24.1 and after patching and re-trying another compile - 2nd time, I re-tried the
exploit and it doesn't work no more. :) that means that the patch took..


nowshining@botnetgodalphamale:~/Desktop$ uname -r
2.6.24.1-botnetgodalphamale
nowshining@botnetgodalphamale:~/Desktop$ ./exploit
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7fb0000 .. 0xb7fe2000
[-] vmsplice: Bad address
nowshining@botnetgodalphamale:~/Desktop$


however the only problem I had was when compiling the kernel and I just re-tried (the exploit)
for fun and it pretty much made the system a pain to reboot, and i could NOT start or stop any
processes, so in the end I had to hard reboot, altho when i did try the exploit, programs did
open up, somewhat and operate fine but the compile stopped and cpu went to 0%, it was actually
only trying to exit the terminal that it became blank, and a new shell/terminal wouldn't load
properly, etc..

oh well :) > by the way I stayed up all night so my brain is a bit slow right now. ^_^, also
that was the first time I patched a kernel & compiled it successfully.

Superb Fast splice() Fix.

Posted Feb 12, 2008 12:26 UTC (Tue) by nowshining (guest, #50466) [Link]

oh and yes if anyone is wondering i used the patch from kernel.org.