
Local root vulnerability in the kernel

Posted May 15, 2013 21:14 UTC (Wed) by landley (subscriber, #6789)
In reply to: Local root vulnerability in the kernel by aliguori
Parent article: Local root vulnerability in the kernel

By the way, "sandboxing" won't help a kernel that's running in ring 0 from something that lets you write to arbitrary memory; if you want to switch perf off don't load the module or drop it from your .config, a distro flinging everything at the wall and then adding _more infrastructure to switch it off again seems kinda silly. (Neither will SELinux's whack-a-mole rules: if it's unknown, by definition you haven't got a rule for it yet.)

As the old saying goes, you either make the system simple enough there are obviously no vulnerabilities, or you make it complicated enough there are no obvious vulnerabilities.

(Of course "unknown" is relative. I'm curious about http://www.exploit-db.com/exploits/25444/ having "2010" in the copyright-like notice up top. I know the Israeli secret service and Russian kleptocracy and such have way better fuzzers than open source has bothered with until recently, the main protection for Ubuntu systems is we're less than 1% of the installed base so nobody _cares_. I'd worry more about Android phones getting Morris-wormed with something like this...)


Local root vulnerability in the kernel

Posted May 16, 2013 0:46 UTC (Thu) by aliguori (subscriber, #30636)

It's really quite simple. The kernel/userspace boundary is huge with more stuff going in all of the time.

Applications that are high risk need to proactively isolate themselves and reduce that boundary.

Let's not kid ourselves here. If you have local user privileges and can run arbitrary code, SELinux or not, I'm quite confident there are more 0days out there that you could use to elevate to root.

"unprivileged" users don't exist anymore.

Local root vulnerability in the kernel

Posted May 17, 2013 2:57 UTC (Fri) by deater (subscriber, #11746)

> if you want to switch perf off don't load the module or drop
> it from your .config,

perf can't be compiled as a module, and as far as I know it can't be turned off on x86 since about 2.6.37 or so. I'll be glad to be proven wrong on that count though.

It's true any user/kernel interface leads to issues like this, but it doesn't help that perf has such a complex interface (check out the manpage for it sometime). We might have been better off if a simpler perf counter interface (like perfctr or perfmon2) that was closer to a thin layer abstracting the MSRs had been merged instead.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds