GlockTalk.com
Old 05-15-2013, 12:05   #1
Pierre!
NRA Life Member
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,153
"Longstanding Root Access Vulnerability" Say it Ain't So!

Found this to be a very interesting article...

Critical Linux vulnerability imperils users, even after “silent” fix

I better check my Linux forest for patches!

Patch them Linux boxes!!!
Old 05-15-2013, 20:30   #2
Detectorist
Senior Member
 
Join Date: Jul 2008
Location: Missouri
Posts: 8,089
Quote:
Originally Posted by Pierre!
Found this to be a very interesting article...

Critical Linux vulnerability imperils users, even after “silent” fix

I better check my Linux forest for patches!

Patch them Linux boxes!!!
No operating system is perfect. The bad guys have a huge incentive to find ways in.
__________________
NASM-Certified Personal Trainer

“The single biggest problem in communication is the illusion that it has taken place.” George Bernard Shaw
Old 05-16-2013, 19:16   #3
Pierre!
NRA Life Member
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,153
Quote:
Originally Posted by Detectorist
No operating system is perfect. The bad guys have a huge incentive to find ways in.
Yes, this we know... Just odd to find out that such a "hardened" OS would be this vulnerable.
Old 05-16-2013, 20:47   #4
Linux3
Senior Member
 
Join Date: Dec 2008
Posts: 1,399
Sigh...
This is only true if:
1) It is a local user compiling the hack. Doesn't work over a network. As a Senior Network Admin I never, never give local users the rights to compile on their systems much less a server. Dah!!!

AND

2) If you have compiled a kernel using the 'PERF_EVENTS' option. Rare, very rare.

Just point me to ONE system in the wild that actually has been cracked by this.

You Windows people just can't accept that you have a bad O.S. that you have to blow up such non-events as this.

Get real, potential for cracks is not the same as the 100s of millions of Windows systems that make up the botnets of the internet.
__________________
If it's not on fire,
It's a software problem.

Old 05-18-2013, 20:56   #5
Pierre!
NRA Life Member
 
Join Date: Jun 2003
Location: Lovin Sparks Nv!
Posts: 4,153
hey, Hey, HEY...

I was simply drinkin the 'ARS Technica' Koolaid...

Thanks for the education anyway... (LOL)

L8ter...
Old 05-19-2013, 19:24   #6
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 441
Interestingly, all the Red Hat Enterprise 6 clones (CentOS and Scientific Linux) we run have PERF_EVENTS selected in kernels. Fortunately, our servers provide services and are not set up for users.

The thing I like about Linux is how quickly a fix shows up. One could either patch and rebuild their kernel or upgrade to a patched kernel within days of this coming to light. The May 16 RHEL 6 kernels '2.6.32-279.22.1.el6.x86_64' are patched.

This laptop is running kernel 3.9.2 that came out May 11 and it's patched.

This one was easy to patch, but difficult to stop with the usual precautions. For example, if the exploit could be written in Perl, a non-root user could run 'perl exploit.pl' in a /home directory that is mounted 'noexec'. SELinux would not have stopped it either.

It's better to have lots of eyes looking at openly available source code. That actually makes it harder for exploits to exist for long.

Linux is not perfect, but I prefer it a thousand times over Windows.

Edited to add: This one may not have been "long standing". It was back-migrated to older kernels. That gave the appearance it has been around since the introduction of those older kernels. So, while the potential existed, new kernels were patched within days of the existence of a practical exploit.
__________________
People who've had to deal with their karma are more interesting to talk to.

Last edited by harrygunner; 05-19-2013 at 19:31..
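
The two preconditions raised in posts #4 and #6 (a kernel built with PERF_EVENTS, and local accounts that can log in and run code) can be checked per host. This is an added example, not part of any post in this thread; the function names, the file paths and the UID cut-off of 500 are assumptions.

```shell
#!/bin/sh
# Added example: checks the two preconditions discussed in the thread.
# Function names, paths and the UID cut-off (500) are assumptions.

# Print enabled / disabled / unknown for CONFIG_PERF_EVENTS in a kernel config.
perf_events_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;        # e.g. /boot/config-<release>
    esac
    if $reader "$cfg" | grep -q '^CONFIG_PERF_EVENTS=y$'; then
        echo enabled
    elif $reader "$cfg" | grep -q '^# CONFIG_PERF_EVENTS is not set$'; then
        echo disabled
    else
        echo unknown
    fi
}

# Count non-system accounts in a passwd-format file that have a usable shell.
count_login_users() {
    awk -F: -v min="${2:-500}" '
        /^#/ || NF < 7 { next }
        $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { n++ }
        END { print n + 0 }' "$1"
}

# Combine both checks into one verdict per host.
precondition_check() {
    state=$(perf_events_state "$1")
    users=$(count_login_users "$2" "${3:-500}")
    case $state in
        enabled)
            if [ "$users" -gt 0 ]; then echo both-conditions-met
            else echo perf-events-only; fi ;;
        disabled) echo perf-events-disabled ;;
        *)        echo unknown ;;
    esac
}

# Live run against this host only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    precondition_check "/boot/config-$(uname -r)" /etc/passwd
fi
```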
Old 05-20-2013, 18:13   #7
WiskyT
Malcontent
 
Join Date: Jun 2002
Location: North Carolina
Posts: 11,758
Tech Talk
__________________
Drugs are bad because if you do drugs you're a hippie and hippies suck.
Eric Cartman


"If you kill enough of them, they stop fighting."-General Curtis E. LeMay