
A nasty local kernel vulnerability

Posted Feb 26, 2013 15:21 UTC (Tue) by ledow (guest, #11753)
In reply to: A nasty local kernel vulnerability by PaXTeam
Parent article: A nasty local kernel vulnerability

And they say Linus has a potty-mouth. At least he explains, rather than just rides rough-shod over anyone who "doesn't understand".

Sorry, PaXTeam, but my opinion of you hasn't changed since I first saw a comment by you many years ago. And, ironically, you seem to use most of your posts to garner support for your opinion and/or solutions to the problems you see, mainly by telling people how stupid they are to do anything else.

If you were replaced by an emotionless robot with the same technical opinions, I'd have been on your side years ago. As it is, I can't bear to support someone whose idea of useful comment is to provide foreign insults, masked TLA insults (I'm presuming, Google doesn't actually pop up anything for that), announce your superiority and still not come up with an explanation.

The explanation you were after "It hard-codes memory addresses for known kernels". The logical next question is then: How hard is it to find those addresses for the kernel in the example above, and test the exploit properly?

Hell, if I was in your place, I'd make a working exploit for a particular kernel if it's that easy to do so from the code given, and demonstrate your skills rather than mouth off about them (You'll notice that your "explanatory" post was posted after my initial post above - and still that doesn't demonstrate that a newer kernel is or is not vulnerable, only that some well-known kernels have values hardcoded).

Some of us don't touch kernel stuff precisely because we don't have the time/skill/inclination to understand it past a passing glance, and at worst a sarcastic comment would have achieved some education, rather than a flame-thread of back-and-forth.

Subscriber or not, you're putting people off - off this site, off commenting, off learning, and off your projects. If it's a choice between a site with *just* people like yourself, or a site *without* people like yourself, I know which I'd choose every time. I haven't yet said the same of any other contributor on here.



A nasty local kernel vulnerability

Posted Feb 26, 2013 15:33 UTC (Tue) by gowen (guest, #23914) [Link]

It's just marketing.

PaXTeam need to constantly imply that they know stuff that nobody else knows to sell their product. Their business relies on not freely sharing information about kernel vulnerabilities. Openness and disclosure is against their business interests - snidery, vagueness and implication is their stock-in-trade.

They need to give the impression of being permanently ahead of the game.

Rise above it.

A nasty local kernel vulnerability

Posted Feb 26, 2013 16:02 UTC (Tue) by spender (subscriber, #23067) [Link]

LWN.net: where people are allowed to make up complete lies and the facts don't matter -- just be civil!

Can you please point me to this "business" you speak of? The PaX Team's website is http://pax.grsecurity.net. Can you please show me the URL to the "buy" button? All i see is freely-available documentation and source code! The PaX Team does not even accept donations!

I thought not freely sharing information about kernel vulnerabilities was the business of the upstream developers ;)

As for being permanently ahead of the game, it's not an impression but an obvious fact, whether you like that fact or not.

-Brad

A nasty local kernel vulnerability

Posted Feb 26, 2013 16:24 UTC (Tue) by gowen (guest, #23914) [Link]

Become a Sponsor
Sponsors receive personal support, audits of RBAC policies and kernel configurations, the ability to request features tailored to your organization, and presence on the website. Sponsorship begins at 100 USD/mo. To become a sponsor of grsecurity, email spender@grsecurity.net.

http://grsecurity.net/sponsors.php

It's not a support contract -- it's just that they give you money, and you give them support.

A nasty local kernel vulnerability

Posted Feb 26, 2013 16:30 UTC (Tue) by mpr22 (subscriber, #60784) [Link]

I was under the impression that PaXTeam is not (part of) grsecurity, even if they are being provided web hosting by grsecurity.

A nasty local kernel vulnerability

Posted Feb 26, 2013 16:43 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

sorry to burst your bubble, but i'm not spender, i'm not doing grsecurity, i do PaX. spender has very kindly provided hosting since i had to move last time off some free hosting. we've been working together on our projects for over a decade but the business side (for the sponsorship otherwise companies have a hard time to donate) is his, not mine. so what's next? a new excuse? an apology? nah, one can't expect much from random LWN ranters, can we? ;)

A nasty local kernel vulnerability

Posted Feb 26, 2013 17:24 UTC (Tue) by gowen (guest, #23914) [Link]

An apology? ok. I'm very sorry for not being convinced that you're not the same person.

A nasty local kernel vulnerability

Posted Feb 26, 2013 17:40 UTC (Tue) by arjan (subscriber, #36785) [Link]

as someone who has interacted with both Spender and PaxTeam, I can say that they are certainly not the same person.

I've in the past clashed with PaxTeam on issues at times, but I do respect his technical ability greatly; he/she does not deserve this thrashing in this forum, even if the communication style is a bit brisk.

A nasty local kernel vulnerability

Posted Feb 26, 2013 18:26 UTC (Tue) by k8to (subscriber, #15413) [Link]

The one statement does not imply the other. Perhaps there are other reasons though.

A nasty local kernel vulnerability

Posted Feb 26, 2013 22:03 UTC (Tue) by nix (subscriber, #2304) [Link]

One of the unfortunate consequences of posting in a style guaranteed to offend people and piss them off is that one will offend people and piss them off. Wishing that this didn't happen will not change it: one cannot reprogram the social instinct of everyone with whom one interacts. Eventually, PaXTeam may learn this (or start to care that it happens and dooms him to perpetual Cassandrahood), though I don't hold out much hope.

A nasty local kernel vulnerability

Posted Feb 26, 2013 22:53 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

it probably wouldn't hurt if you studied http://en.wikipedia.org/wiki/Sampling_bias a bit ;).

A nasty local kernel vulnerability

Posted Feb 26, 2013 17:15 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

what a mouthful we have here ;). let's go in reverse so that the timeline is clear:

> at worst a sarcastic comment would have achieved some education

there you go: https://lwn.net/Articles/539942/ (in case it's still not obvious, 'supported' refers to 'supported by the exploit' because it was castrated before publication, something that should have been obvious to anyone who bothered to read the README).

so the first conclusion is that you missed that opportunity of enlightenment. let's see how you fared next:

> Some of us don't touch kernel stuff precisely because [...]

right, so you admit to not understanding anything about the exploit, the exploited bug, the affected kernels, etc. and you never read the README either (you don't need to be a programmer to understand it). and you didn't read the exploit log to which you responded either else you'd have noticed the very clear discrepancy between the to-be-exploited kernel's version and what the exploit itself offered. *yet* you felt utterly compelled to share your non-existent wisdom with the rest of us and managed to actively mislead the poor OP at the same time (we call it giving someone a false sense of security). what do you think of yourself in that light? what i think is that the proverbial road to hell is clearly paved with arrogant incompetence.

one would think at this point you'd have realized the errors of your way, but clearly that's assuming too much of your intellect. watch this:

> The explanation you were after "It hard-codes memory addresses for known
> kernels".

so what did i post almost an hour before your first rant (not that it wasn't already in the published sources that you could have read as well)? that's right, these very pesky hard-coded memory addresses for known kernels (known to the trimmed down exploit, that is).

> The logical next question is then: How hard is it to find those
> addresses for the kernel in the example above, and test the exploit
> properly?

the logical next answer is that you go look at the exploit source code (did i say that too many times already?) and read what those addresses are and realize that they're a grep away.

> Hell, if I was in your place,

hell, i wish you weren't, you'd do too much damage due to incompetence.

> [...]I'd make a working exploit for a particular kernel if it's that
> easy to do so from the code given, and demonstrate your skills rather
> than mouth off about them

actually, there was nothing mouthing off about anyone's skill, or it was at most about the lack thereof (that'd be your reading comprehension ;). and why on earth would i give people a loaded gun when i've never done it in the past? as you can see, the average person is way too careless, the only reason the OP's box didn't get erased is because the exploit publisher was kind enough, which is a rather rare occurrence these days as most dangerous stuff stays private and public 'leaks' often come with some extra baggage you really don't wish to run.

> (You'll notice that your "explanatory" post was posted after my initial post above

and also before your rant, yes.

> and still that doesn't demonstrate that a newer kernel is or is not
> vulnerable, only that some well-known kernels have values hardcoded).

a kernel is not vulnerable because an exploit exists against it. a kernel is vulnerable because it has an exploitable bug. and we know that 1) such a bug does exist in this case, 2) which kernels are affected (did you even read the article itself?). so if you want to know if you're vulnerable, you go check your kernel version, you don't need an exploit for that. if you're a curious cat or have other nefarious intents, get off your butt and at least read the code you're about to run and figure out what needs adjustment. and no, i'm still not giving you that loaded gun, i hinted at enough details already that should get you going if you really want to.

last but not least, if i cared about your opinion, you'd think i'd have shown some results by now. clearly, i don't give a shit but then i guess it won't stop you from trying (what was that Einstein quote about insanity again? ;).

A nasty local kernel vulnerability

Posted Feb 26, 2013 19:37 UTC (Tue) by gabucino (guest, #72504) [Link]

> If it's a choice between a site with *just* people like yourself, or a site *without* people like yourself, I know which I'd choose every time.

Is this your emoblog now? Sorry for the intrusion.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds