Local root vulnerability in the kernel

Posted May 15, 2013 20:55 UTC (Wed) by nix (subscriber, #2304)
In reply to: Local root vulnerability in the kernel by drag
Parent article: Local root vulnerability in the kernel

Quite. I'd say this security bug was about as serious as the obscure ext4 bug that ate my filesystem: both have serious consequences, but neither is going to happen unless you make some unusual changes to your system: in my case, mounting with certain mount options and then rebooting in the middle of a umount; in this case, turning on a config option which pretty much screams SECURITY PROBLEMS HERE, and which can't be turned on in conjunction with a lot of other commonly-used options which are probably already on. I know I wasn't faced with the *option* to turn on userspace namespaces until 3.9: many people, e.g. those using XFS, probably still can't see it. In both cases the fault was really one of documentation: the ext4 mount option didn't say it was experimental and dangerous, so tweakers-for-tweaking's-sake like me might well turn it on without realizing the danger; this option, too, was missing that disclaimer in the Kconfig help text.



Local root vulnerability in the kernel

Posted May 15, 2013 23:22 UTC (Wed) by ewan (subscriber, #5533) [Link]

"neither is going to happen unless you make some unusual changes to your system"

Er - what? This exploit works on RHEL 6 in its default configuration. It's not exactly the far reaches of exotica.

Local root vulnerability in the kernel

Posted May 21, 2013 14:33 UTC (Tue) by nix (subscriber, #2304) [Link]

RHEL6 has user namespaces turned on?! That's... riskier than I would have expected from RH. I boggle.

Local root vulnerability in the kernel

Posted May 21, 2013 20:32 UTC (Tue) by spender (subscriber, #23067) [Link]

You guys are talking past each other.

I mentioned (as an example) user namespaces as something new in the kernel that introduced significant vulnerability not present in earlier kernels.

Drag then commented about the vulnerability that the article is about (the perf events vuln) being as significant as an ext4 data corruption bug.

You then mentioned how you wouldn't be hit by this vulnerability without extensive changes to your system. I believe you were referring to user namespaces here, but drag was referring to perf events. CONFIG_PERF_EVENT is forced on (why?) for anyone using X86.

Ewan then followed up saying basically what I just said in the above paragraph, referring to the exploit released that was mentioned in this article, but without explicitly mentioning perf events you still understood him to be talking about user namespaces.

All sorted now! :)

-Brad

Local root vulnerability in the kernel

Posted May 22, 2013 16:45 UTC (Wed) by nix (subscriber, #2304) [Link]

Yeah, I was firing at the wrong thing. Misread, drag and ewan and you are right.

One problem with the rather nice LWN Recent Comments thing is a lack of context, and it sometimes leads you astray :)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds