|
|
Subscribe / Log in / New account

Local root vulnerability in the kernel

Local root vulnerability in the kernel

Posted May 15, 2013 15:07 UTC (Wed) by spender (guest, #23067)
Parent article: Local root vulnerability in the kernel

Something important missing from this summary is that while the exploit was posted yesterday, it was authored in 2010. The author of the exploit (and many previous exploits) discloses private exploits once he spots them being killed upstream: http://article.gmane.org/gmane.comp.security.oss.general/...

SELinux won't help, perf_event_paranoid=2 won't help -- for a right-thinking person, this could be seen as motivation for a change of course out of the ashes of such a dramatic failure. Unfortunately, I think Michael Gilbert is right on the money about what will really result from all this: http://seclists.org/oss-sec/2013/q2/329. Vulnerability patched, problem solved; rinse and repeat.

If your only source of protection against exploitation of the vulnerability is waiting on your distro to provide an updated kernel package, then it's already too late.

I posted more specific notes on exploitation here:
http://www.reddit.com/r/netsec/comments/1eb9iw/sdfuckshee...

-Brad

to post comments

Local root vulnerability in the kernel

Posted May 15, 2013 20:46 UTC (Wed) by drag (guest, #31333) [Link] (5 responses)

It seems that time has proven current policies as incorrect.

Sure, all security bugs can be security bugs, but once they are known to be security issues then that is a issue.

It should be treated with the same level of importance as, say, a bug in Ext4 that corrupts your file system. Nobody would suggest that should be downplayed and hidden like security bugs are in the Linux kernel.

Local root vulnerability in the kernel

Posted May 15, 2013 20:55 UTC (Wed) by nix (subscriber, #2304) [Link] (4 responses)

Quite. I'd say this security bug was about as serious as the obscure ext4 bug that ate my filesystem: both have serious consequences, but neither is going to happen unless you make some unusual changes to your system: in my case, mounting with certain mount options and then rebooting in the middle of a umount; in this case, turning on a config option which pretty much screams SECURITY PROBLEMS HERE, and which can't be turned on in conjunction with a lot of other commonly-used options which are probably already on. I know I wasn't faced with the *option* to turn on userspace namespaces until 3.9: many people, e.g. those using XFS, probably still can't see it. In both cases the fault was really one of documentation: the ext4 mount option didn't say it was experimental and dangerous, so tweakers-for-tweaking's-sake like me might well turn it on without realizing the danger; this option, too, was missing that disclaimer in the Kconfig help text.

Local root vulnerability in the kernel

Posted May 15, 2013 23:22 UTC (Wed) by ewan (guest, #5533) [Link] (3 responses)

"neither is going to happen unless you make some unusual changes to your system"

Er - what? This exploit works on RHEL 6 in its default configuration. It's not exactly the far reaches of exotica.

Local root vulnerability in the kernel

Posted May 21, 2013 14:33 UTC (Tue) by nix (subscriber, #2304) [Link] (2 responses)

RHEL6 has user namespaces turned on?! That's... riskier than I would have expected from RH. I boggle.

Local root vulnerability in the kernel

Posted May 21, 2013 20:32 UTC (Tue) by spender (guest, #23067) [Link] (1 responses)

You guys are talking past each other.

I mentioned (as an example) user namespaces as something new in the kernel that introduced significant vulnerability not present in earlier kernels.

Drag then commented about the vulnerability that the article is about (the perf events vuln) being as significant as an ext4 data corruption bug.

You then mentioned about how you wouldn't be hit by this vulnerability without extensive changes to your system. I believe you were referring to user namespaces here, but drag was referring to perf events. CONFIG_PERF_EVENT is forced on (why?) for anyone using X86.

Ewan then followed up saying basically what I just said in the above paragraph, referring to the exploit released that was mentioned in this article, but without explicitly mentioning perf events you still understood him to be talking about user namespaces.

All sorted now! :)

-Brad

Local root vulnerability in the kernel

Posted May 22, 2013 16:45 UTC (Wed) by nix (subscriber, #2304) [Link]

Yeah, I was firing at the wrong thing. Misread, drag and ewan and you are right.

One problem with the rather nice LWN Recent Comments thing is a lack of context, and it sometimes leaves you astray :)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds