Posted Apr 15, 2012 17:23 UTC (Sun) by cmccabe (guest, #60281)
First of all, we were talking about OpenBSD, not Linux. Secondly, if you're so sure that "some of them are buggy", you should find out which ones. I'm sure that the reward will be a lot greater than $1000.
I think what may be confusing you is the fact that there have been a lot of privilege escalations in Linux over the years (although not in OpenBSD, which is what we were talking about-- remember?). However, most of those privilege escalations didn't involve insecure system calls. In fact there's only one that I can think of which did (maybe others can think of more).
Remote root hole in Samba
Posted Apr 15, 2012 20:58 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
>First of all, we were talking about OpenBSD, not Linux. Secondly, if you're so sure that "some of them are buggy", you should find out which ones. I'm sure that the reward will be a lot greater than $1000.
I'm absolutely sure that Linux right now has multiple exploitable local vulnerabilities.
>However, most of those privilege escalations didn't involve insecure system calls. In fact there's only one that I can think of which did (maybe others can think of more).
Posted Apr 19, 2012 20:46 UTC (Thu) by cmccabe (guest, #60281)
Let's look at the original post that started this thread.
> Programs in OpenBSD chroot have access to all the syscalls.
> Probably at least several of them are vulnerable.
Now we've digressed into looking at a bunch of Linux (NOT OpenBSD) security flaws. How does this help you prove that OpenBSD is insecure?
Secondly, privilege separation, BSD jails, SELinux, ASLR, etc are still useful technologies even if they don't block 100% of exploits. I think most system administrators would consider being vulnerable to one exploit per year a VERY good record, for any of the major three platforms.