LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A nasty local kernel vulnerability

A nasty local kernel vulnerability

Posted Feb 26, 2013 23:23 UTC (Tue) by smokeing (guest, #53685)
In reply to: A nasty local kernel vulnerability by edeloget
Parent article: A nasty local kernel vulnerability

I'm in no way an expert in kernel, but I did have a look at the code before running the exploit. Somehow, I had a feeling I will be safe (not least because mine is not a distro kernel), and so eventually I gave it a shot. Indeed, it didn't work. Yes, it was silly and stupid. Curiosity will kill this cat.

But, wow. Looks to me all the rage the guys have meanwhile vented above just waited to happen. I got scared, in a way, coming back to this thread to find 44 responses!

Peace :}

(Log in to post comments)

A nasty local kernel vulnerability

Posted Feb 26, 2013 23:40 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

very well then, don't say you weren't warned: http://seclists.org/oss-sec/2013/q1/453 :)

A nasty local kernel vulnerability

Posted Mar 5, 2013 15:40 UTC (Tue) by ortalo (subscriber, #4654) [Link]

Quite the contrary; in my humble opinion, curiosity is the primary legitimate reason for studying an exploit.

From the point of view of the actual protection of a computer, I've always considered (and teached) that exploit-oriented work (when it's not evil) is counter-productive. Most frequently, it takes less time to fix a potential security bug than to check its pratical exploitability. Frequently, you check exploitability because you cannot have trustable feedback on the actual danger and you had better consider a full solution switch.
(Note that there is a critical distinction between no feedback at all as is frequent with proprietary software and disagreement between developers on a piece of software available for public scrutiny as is frequent with open source software. Though that does not necessarily solves the first point.)

Furthermore working on exploits mean working on bad, obscure code that will not be reused (except for bad reasons or endless demonstration); while working on correcting errors is quality improvement and good programming. (Quality improvement is not as rewarding as writing a new scheduler - but still better than finding buffer overflows offsets - and new linux schedulers are so... common... nowadays.)

So... there are also real reasons why such a topic scratches so much itches; those forced (either by public pressure or by careless or manoeuvering managers) to work on exploitability are usually accumulating dissatisfaction. But that's certainly not due to your curiosity.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds