distro update progress

Posted Feb 12, 2008 2:09 UTC (Tue) by mrons (subscriber, #1751)
In reply to: distro update progress by dougg
Parent article: vmsplice(): the making of a local root exploit

I took the Fedora update kernel-2.6.23.15-137.fc8 straight from the build system
(koji.fedoraproject.org) about 21 hours ago.

I couldn't wait for it to be distributed to the mirrors; I have lots of students with shell
accounts that read Slashdot!

distro update progress

Posted Feb 12, 2008 8:17 UTC (Tue) by nix (subscriber, #2304)

It is too late. Now you have lots of new co-system-administrators. ;)

distro update progress

Posted Feb 12, 2008 11:49 UTC (Tue) by Velmont (subscriber, #46433)

You could always have used the quick hotfix to disable vmsplice (no reboot necessary):

http://www.ping.uio.no/~mortehu/disable-vmsplice-if-explo...

distro update progress

Posted Feb 12, 2008 18:58 UTC (Tue) by incase (subscriber, #37115)

That "fix" is even worse than the problem itself:
It first tries whether the exploit works and overwrites parts of kernel memory on the way.
If your machine only has few and trusted users, don't use it. If you have untrusted users (or
anticipate having some remote exploit allowing the attacker to execute his code under some
(non-root) account), it would be better to shut down the machine until you have an updated
kernel installed, either by patching your kernel yourself or by installing a distribution
kernel with the fixes in it.

distro update progress

Posted Feb 13, 2008 10:52 UTC (Wed) by Velmont (subscriber, #46433)

If you use the new hotfix, it will *not* use the exploit to get root but just disable
vmsplice.

Morten Hustveit made the patch while waiting for a pizza delivery, and didn't look at the
exploit - now the second version enables sysadmins to disable vmsplice more securely. ;-)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.