
Editorial section?

Posted Jan 26, 2012 0:13 UTC (Thu) by PaXTeam (guest, #24616)
In reply to: Editorial section? by nevets
Parent article: A /proc/PID/mem vulnerability

i find it perfectly reasonable to describe a coverup of this magnitude and importance as 'sad' (i'm pretty sure i have used much stronger words in the past myself ;). but perhaps you can show a counter example where this kind of behaviour is not sad but a good thing? and if you think that this coverup (which somewhat ironically has already become a much bigger circus than what he so despises) is in the best interest of the kernel community, and let's not forget the users, then i'd like to hear your justification for it, as in, what do you/they gain by this (certainly no praise as i'm sure you're aware of the past flamewars ;).



Editorial section?

Posted Jan 26, 2012 0:42 UTC (Thu) by nevets (subscriber, #11875)

I guess the question is, was it really a cover up? As I read what Linus wrote in the commit log, where he mentions both "/proc/<pid>/mem" and "doesn't match the permission checking" as well as "if you hold the file descriptor open over an execve(), you'll continue to read from the _old_ VM", that to me reads security vulnerability all over it.

He mentioned this as a bug fix, not a security fix. Does he really need to specify "this fixes a privilege escalation vulnerability"? Some say yes, some say no, but both choices are *opinions*!

Actually, what was left out of the article is more damning to Torvalds than what was in the article. I just read the full commit log, and if anything, this part I would consider the most incriminating against him:

"If somebody actually finds a load where this matters, we'll need to revert this commit"

One would not want to revert a commit that is a security fix. And even Linus stated that once.

I'm friends with Jake, and have had many a beer with him discussing lots of topics. As I read this article, I could hear his opinion slipping into what he wrote. Maybe it's just me. Jake's a good guy, but he's also human (that's a strike against us all). I was just stating that this article seemed to have a little more opinion in it than in other articles.

Still, I find Jake's writing superb.

Editorial section?

Posted Jan 26, 2012 1:12 UTC (Thu) by PaXTeam (guest, #24616)

> I guess the question is, was it really a cover up?

that's easy to answer. using your example, you're saying that it is a matter of opinion whether a security fix says 'security fix' or just 'fix'. by that logic it is also a matter of opinion whether a filesystem corruption fix simply says 'filesystem corruption fix' or 'fix'. we know from existing commits that this opinion thing favours the first kind of description for filesystem corruptions. why does the same opinion favour the second kind then for security fixes? isn't a bug a bug after all? and let's not forget that security bugs (e.g., memory corruption ones) can very well cause filesystem corruption, one would think that they would at least be described as such in the commit, but not even that happens. inquiring minds would like to know the reason for these seemingly inconsequential decisions ;).

> One would not want to revert a commit that is a security fix.

i don't think he said everything he wanted to. my guess is that he would have continued with '...and fix it another way' but that would have given away even more hints as to the severity of the situation (it would have shown that one way or another, something really truly must be done here whereas a casual 'we will revert if needed' will make the less observative reader think that 'ok, nothing really important is going on here, at most i will see a revert in the coming days').

Editorial section?

Posted Jan 26, 2012 1:26 UTC (Thu) by nevets (subscriber, #11875)

> If somebody actually finds a load where this matters, we'll need to revert this commit

I'm surprised someone didn't respond to this saying:

"Hey! My rootkit no longer works. Please revert this commit."

Editorial section?

Posted Jan 26, 2012 17:30 UTC (Thu) by nix (subscriber, #2304)

You think you're joking, but I've been on one site, nameless to protect the guilty, where the sysadmins did not (for stupid political reasons) have the ability to change the password, and had long forgotten what that password was, and where auditors forbade the installation of additional privileged binaries -- so, rather than use sudo or something like that, they kept an exploit binary around to give them a root shell 'because it works as long as we don't upgrade the kernel'.

(I pointed out how stunningly unwise this was, and was told that this was the way they'd always done it and they weren't going to change.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds