Critical Security Hole in Linux Wi-Fi
thisispurefud writes "A flaw has been found in a major Linux Wi-Fi driver that can allow an attacker to run malicious code and take control of a laptop, even when it is not on a Wi-Fi network."
Re:patched already (Score:3, Informative)
Re:patched already (Score:2, Informative)
First reported December 2006 (Score:5, Informative)
Re:patched already (Score:4, Informative)
The module in question is found here [madwifi.org]. (slow to load)
I am a bit confused... (Score:5, Informative)
http://madwifi.org/changeset/1842 [madwifi.org]
Re:patched already (Score:0, Informative)
Of course. That's what fanboys do!
Dunno? (Score:1, Informative)
Re:Oh, madwifi. Surprise! Closed source still suck (Score:4, Informative)
Re:In other news.. (Score:3, Informative)
madwifi links. (Score:5, Informative)
The madwifi howto is here [madwifi.org]. It seems that you can type, "lsmod | grep ath_pci" to find out if you are running the supposedly exploited module. My simple Etch system does not have this or wlanconfig tools by default, though those tools look very nice and I'm sure this little problem will be fixed quickly.
I have to agree with you about the uselessness of the PC World article. Besides not having any useful information, it's filled with FUD about free software wifi and confused "popularity argument" babble. In short it's more of a, "everyone else has these problems too, so Windoze away," pacifier than it is a news article.
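An added example, not part of the comment above and not madwifi's own tooling: `lsmod | grep ath_pci` is a substring match and needs `lsmod` installed, so this sketch reads the `/proc/modules` format directly, matches the module name exactly, and lists the modules that `ath_pci` keeps loaded. The sample lines and the `ath_pci_test` name are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads the /proc/modules format:
#   name size refcount used-by state address
# Pass a saved copy as the second argument to check offline.

# Exit 0 only if a module named exactly $1 is loaded.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# Print every module whose used-by list names $1, i.e. the modules
# that stay pinned in the kernel while $1 is loaded.
module_deps() {
    awk -v m="$1" '{
        n = split($4, users, ",")
        for (i = 1; i <= n; i++) if (users[i] == m) print $1
    }' "${2:-/proc/modules}"
}

# Constructed sample (not captured from a real system). "ath_pci_test"
# is a made-up name to show what a substring match would also hit.
sample_modules() {
    cat <<'EOF'
ath_pci 97440 0 - Live 0xf8c5e000
ath_rate_sample 13440 1 ath_pci, Live 0xf8b21000
wlan 202124 3 ath_pci,ath_rate_sample, Live 0xf8bf1000
ath_hal 191824 3 ath_pci,ath_rate_sample, Live 0xf8bc1000
ath_pci_test 1024 0 - Live 0xf8a00000
EOF
}

# With an argument, report on the live system: ./check.sh ath_pci
if [ -n "${1:-}" ]; then
    if module_loaded "$1"; then
        echo "$1 is loaded; it pulls in:"; module_deps "$1"
    else
        echo "$1 is not loaded"
    fi
fi
```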
Fixed Dec 15th on my box (Score:5, Informative)
It looks that way to me.
Unless this is a different vulnerability, Debian applied the fix [debian.org] over four months ago, two days after the patch was available, and eight days after the vulnerability was first reported [grok.org.uk].
I saw the article and immediately started aptitude to get the fix, only to discover that I already got it, two weeks before Christmas. Nice.
Re:In other news.. (Score:5, Informative)
Actually, this kind of crap goes away when you stop using NULL terminated strings and put in size checks.
Re:Linux Wi-Fi? What Linux Wi-Fi? (Score:3, Informative)
Of course, I did have the foresight to ask my friends about what works on Linux, which I'm sure helped tremendously. However the laptop I bought didn't really let me choose a wifi card, and it still works with Ubuntu. Of course, Ubuntu takes a much more friendly stance on closed source drivers than Debian or Fedora, and that also helps a great deal. I'm pretty sure neither of my wifi devices work out of the box with Fedora (one more reason I didn't switch back to Fedora after trying out Ubuntu).
Re:There's more to the world than Microsoft. (Score:4, Informative)
What I see is more the horrible state of software security. A security model that relies on all the writers of driver code in your computer to do their job right is a poor security model.
You're right. Unfortunately with the current design of PC hardware it's difficult to provide protection from poorly written drivers. For example, it's very common for drivers to be able to (a) initiate DMA transfers to/from any part of physical memory, and (b) lock the PCI bus by messing with the bus arbitration. You can do things like having an exokernel [wikipedia.org] -- small trusted multiplexers go in the kernel and the larger parts of your drivers sit (untrusted) in userspace, but performance generally sucks. Some hardware (eg. graphics cards) makes it hard even to do this.
Luckily virtualisation is driving better solutions, and they're coming to a PC near you soon (in fact, they've already come to the PCs I'm using daily, but those are test articles). Primarily with virtualisation we want to be able to hand off devices to untrusted guest operating systems. For example give each guest its own physical network card. That won't work too well if guests can stomp on each other's memory using DMA transfers. The new hardware actually has hardware support to stop the guests doing bad things.
Look at Intel's VT-d [intel.com] for example.
Rich.
Re:patched already (Score:5, Informative)
Or rather, a small open-source Linux compatibility shim around the actual, binary only driver.
Look further into that link you pasted:
http://madwifi.org/browser/trunk/hal/public [madwifi.org]
Those
> The module in question is found here. (slow to load)
Ah, so the flaw is in the open source shim part. Fooey. =/
As an aside, and as I suspect you might already know, there is an effort to replace the binary-only part of that driver with Free software, and the Madwifi people have cooperated as much as they're able. They even host the development in their own repository:
http://madwifi.org/browser/branches/madwifi-old-o
Cheers!
Ummmm, no. (Score:3, Informative)
Okay, what is it about the "average user" that makes Linux not ready for prime time?
Okay, now you're talking about Windows. And I'll disagree about 90% of Microsoft's security problems being the fault of the users. The default install of a system should be secure enough WITHOUT requiring the users to know how to secure it.
And by "something" you mean "plug it into the Internet as it was advertised".
Meanwhile, Ubuntu ships with NO open ports by DEFAULT. So I can plug it straight into the Internet in its default configuration.
And with Ubuntu's default installation, that is not a problem.
But it is a problem with Windows.
But you say that that means that Linux is not ready for prime time.
Users will always install vulnerable apps. You cannot compare two systems based upon what the admins of those systems can or cannot do with them. Instead, compare the default installations and how their security models are implemented.
Re:Fixed! -not! (Score:5, Informative)
You won't be getting any updates for FC3 since the Fedora Project has dropped support for that. If you like the Fedora distribution you can go with FC6 or wait for May 24 when FC7 is due to be released. Otherwise, Ubuntu is a fine distribution.
Try this:
Re:patched already (Score:3, Informative)
Re:Mod this AC up please, and GP down (Score:3, Informative)
Re:Flaw? Patched? Microsoft? Linux? (Score:3, Informative)
An issue with madwifi is an issue which can affect linux, but is not a bug in linux per se (since it's not in the default kernel).
It may be a bug with a particular distribution of linux, if that distribution were to include these drivers.
Similarly, a bug in firefox or apache could also affect windows users if they chose to install it, but it won't be flagged as a windows bug because it's not present by default. Conversely, it will be flagged by most linux vendors as most linux distributions do include these programs.
What needs to be considered is that:
There are many linux distributions, each of these will release their own advisory listing affected versions of their distro, so you may get 10 advisories for a single issue.
Most linux distributions come with thousands of apps, far more than come with windows or even than microsoft publish as a whole.
Back to drivers, there are many many companies producing drivers for windows, many of which are questionable quality (most windows crashes are often blamed on poor drivers, how many of these crashes could be exploitable bugs?) so there are probably many many security holes to be found. The difference is that people aren't looking for holes in third party windows drivers, they would only affect people with certain types of hardware, and there is plenty of much lower hanging fruit to be found on the average windows system.
Re:I am a bit confused... (Score:3, Informative)