Stable kernel 2.6.25.10

Posted Jul 6, 2008 14:02 UTC (Sun) by nix (subscriber, #2304)
In reply to: Stable kernel 2.6.25.10 by PaXTeam
Parent article: Stable kernel 2.6.25.10

To me, the fact that it breaks GDB is more significant, but then I don't 
have dedicated maniacs attacking my systems with billions of 
custom-written ptrace()s (and if they did, it would take them days and 
there's no way I'd not notice even if I was on another continent).


Stable kernel 2.6.25.10

Posted Jul 7, 2008 2:35 UTC (Mon) by spender (subscriber, #23067)

I wrote a working PoC for the vulnerability today. It only takes 20 minutes for me (inside a
3.3GHz single-processor VM).

-Brad

Stable kernel 2.6.25.10

Posted Jul 7, 2008 6:48 UTC (Mon) by nix (subscriber, #2304)

... and if it took you twenty minutes, your average script kiddie would 
take weeks, if ever. (Of course, buying a copy from a blackhat with 
similar skills would probably be faster.)

Stable kernel 2.6.25.10

Posted Jul 7, 2008 7:49 UTC (Mon) by PaXTeam (subscriber, #24616)

the 20 mins was the runtime of the exploit, not its development time.

Stable kernel 2.6.25.10

Posted Jul 7, 2008 19:43 UTC (Mon) by nix (subscriber, #2304)

I thought 20 minutes seemed awfully fast to write an exploit from scratch, 
but I'm not very good at that sort of thing so I thought maybe skilled 
people are faster.

(Still, if a random blackhat tries to eat that amount of CPU time on any 
of my security-important systems all sorts of alarms would go off. But 
maybe that's more paranoia than most people show, and I suppose if the 
attacker knew about those monitoring systems he could distribute the 
computational work among numerous processes and a long stretch of time. 
Still, again, if an attacker knows that much, I'm dead anyway. Maybe this 
is significant to unmonitored systems with untrusted local users, and I 
suppose it makes it easier to escalate to root once you've got in via some 
vulnerable network service, but if the attacker's managed that, again, 
you're dead anyway: and most attackers these days don't *care* about 
escalation to root: all they care about is being able to spam like crazy, 
and being able to spy on the user, and an attack via, say, a browser 
vulnerability will give them all of that.)
