No ELF Vulnerability in 2.6 Kernel
gaijincory writes "Greg KH, the co-maintainer of the 2.6 kernel, has posted a comment on lwn.net confirming that there is indeed no such ELF vulnerability as spelled out by Paul Starzetz on isec. The bug was originally thought to be particularly nasty, allowing a malicious user to gain elevated privileges using a carefully crafted binary which would exploit the kernel's Executable and Linking Format. The bug's author confirmed that no one has been able to repro the exploit."
No ELF vulnerability eh? (Score:5, Funny)
Re:No ELF vulnerability eh? (Score:2)
Re:No ELF vulnerability eh? (Score:5, Informative)
Just FYI:
DWARF (Debug With Arbitrary Record Format) is a format for debugging information for ELF files.
(Yes, I know the parent is joking.)
Re:No ELF vulnerability eh? (Score:2, Funny)
GNOME (GNU Network Object Model Environment) is a desktop environment.
GNU of course is short for GNU's Not Unix, so the second-level expansion of GNOME is GNU's Not Unix Network Object Model Environment. Which indeed is a true statement, since GNU indeed is no Unix Network Object Model Environment.
Of course recursive expansion of GNU does no good. GNU's Not Unix Not Unix doesn't make
Re:No ELF vulnerability eh? (Score:4, Funny)
Re:No ELF vulnerability eh? (Score:2)
Re:No ELF vulnerability eh? (Score:2, Funny)
Re:No ELF vulnerability eh? (Score:1)
Oh _that_ makes sense (Score:5, Interesting)
Re:Oh _that_ makes sense (Score:2)
Re:Oh _that_ makes sense (Score:2)
Why so confident? (Score:5, Interesting)
Re:Why so confident? (Score:3, Funny)
as root.
Re:Why so confident? (Score:2)
Re:Why so confident? (Score:2)
Nope, didn't choose that option.
Re:Why so confident? (Score:5, Funny)
This technique could have other uses as well. Your hard disk is too small? Well, double your hard disk space with cat
Well, actually I think I'll make my main memory and disks grow infinitely:
cat
SCNR
Re:Why so confident? (Score:3, Funny)
Re:Why so confident? (Score:2)
Re:Why so confident? (Score:2, Informative)
If the tree falls in the woods, no-one hears it... (Score:4, Interesting)
Re:If the tree falls in the woods, no-one hears it (Score:5, Interesting)
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:3, Interesting)
A while back (in '92) there was the 'PS' bug.
Because ps lists full processor charts of what's running, how much CPU time, and how much memory is used up, it requires root access (hence a suid root bit set).
When you run it, it would create a
Now, how would you hack a system like this to get root? On this specific SUN
Re:If the tree falls in the woods, no-one hears it (Score:1)
Re:If the tree falls in the woods, no-one hears it (Score:2)
In all likelihood, some idjit will think this is 'security' and secure a telnetd on a port. Then when they're hacked, oh-nos! That's when they realize from the logs the attack came from within the ISP. Big surprise.
Anyways, I'd prefer to use standard queries for networks and not have everything hidden... Having sshd running with no key-sharing is plenty secure enough for
Re:If the tree falls in the woods, no-one hears it (Score:4, Insightful)
Was he a Zen monk? If you follow that philosophy then all occurrences are first occurrences and therefore never happen, causing the next occurrence to again be the first.
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:2)
Re:If the tree falls in the woods, no-one hears it (Score:3, Interesting)
Re:Random one time bug (Score:2)
The bug's author? (Score:5, Funny)
"I'm a bug author. Today I've written five bugs!" Sounds like a nice career choice ...
Bug author == programmer (Score:1)
Re:The bug's author? (Score:1)
Huh (Score:1, Funny)
That's really comforting.
Re:Huh (Score:1)
Thoughts in my head at the moment... (Score:3, Interesting)
According to Starzetz's report, the flaw is in the function elf_core_dump(), (...)
That writes itself. Adding in references likening this to bears and woods is optional and subliminal.
Anyhow, if there is an ELF core dump bug and no one else steps in it, does it really matter? Did it really happen?
Do we dump the kernel, insist on a grooming of all ELF involved code, and rebuild and recompile?
What is the threshold anyhow for reproducing a bug? How many people must do it? If only one person reports activating the bug, do we ignore all their documentation of the event as if it was spurious because we couldn't do it? Do we wait till a malware writer manages it?
What is the proper level of concern here?
Re:Thoughts in my head at the moment... (Score:4, Interesting)
Of course, if the bug is not exploitable, system admins might delay updating the kernel if a reboot is inconvenient, but for kernel developers, every bug should be fixed whenever possible.
As an Elf... (Score:5, Funny)
isec rules (Score:4, Interesting)
Many Exploits don't work as advertised (Score:5, Informative)
We found that almost all the exploits we tried did not work as advertised. Yet the security advisory lists blindly post these as if they work. While the design/implementation issues may be present in a range of kernels, I'm beginning to think that these exploits are not vetted, and that the exploit writers look for a possible weakness and publish a piece of software that sort of pokes at it and claim success. It is very frustrating, since if the vulnerability can be exploited, a bogus exploit gives a false sense of security (since you can't compromise the system using it).
Re:Many Exploits don't work as advertised (Score:2)
It's not like the MS world, where there are very few builds, all released by MS. With Linux anyone can make their own build, and it's very likely that an exploit will need tweaking for each one.
Re:Many Exploits don't work as advertised (Score:2)
It is hard to say, the exploits are typically released with mysterious hard coded values in them, with no documentation of how those values are computed. Also many exploits claim to exploit race conditions. Often, the vulnerability these folks write
Re:Many Exploits don't work as advertised (Score:4, Insightful)
The most likely one is that exploits are intentionally broken when released. The reasons why are numerous and have been discussed before. But it's common to find exploits that have intentional programming errors. Every so often, an exploit author will release a "working" exploit on BugTraq. When this happens, the author is typically flamed because he didn't break the exploit.
Another common cause is the author didn't design the exploit to be portable. If the author returned to libc in the exploit and they wrote it on say a Slackware system, the exploit probably will not work as written on FC2.
There are times when vulnerabilities exist only when a complex list of environmental conditions are met. A certain kernel version, using a certain version of libc, compiled with a certain version of gcc with a particular compiler option, on a particular filesystem.....
Re:Many Exploits don't work as advertised (Score:3, Interesting)
Unfortunately the effort of trying to find the bug is often large, and many times when I read the kernel or application code t
Re:Many Exploits don't work as advertised (Score:2)
Important code is being maintained by flim-flam artists?
hawk
Re:Many Exploits don't work as advertised (Score:3, Interesting)
Re:Many Exploits don't work as advertised (Score:1)
2.6 may be fine, but 2.4 isn't (Score:2)
--Quentin
Re:2.6 may be fine, but 2.4 isn't (Score:1, Informative)
Re:2.6 may be fine, but 2.4 isn't (Score:1)
Re:Paul's earned the benefit of the doubt (Score:1)
It is a shame to see that this bug prompted the immediate release of a new 2.6.11.x stable series patch, when other real bugs did not and took over 10 days from discovery to patching. (see latest
I don't think that the new and improved stable release system is working perfectly yet.
Yet another case of too many TLAs (Score:2)