
Linux X.org Critical Security Flaw Silently Patched

CmdrTaco posted more than 4 years ago | from the pay-no-attention dept.


eldavojohn writes "On June 17th, the X.org team was notified by Invisible Things Lab of a critical security flaw (PDF) that affected both x86_32 and x86_64 platforms. The flaw deals with escalated privileges of a user process that has access to the X server. The founder of ITL said of the flaw, 'The attack allows a (unprivileged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn't take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system.' This has apparently been a security flaw since kernel 2.6 was released. From the article, 'On 13 August, Linus Torvalds committed an initial fix, but several patches were added afterward for various reasons. The problem has been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.'"


259 comments


What I suggest to people (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33289976)

It's a known fact Windows computers are full of viruses. Linux seems to be too, and it's not user friendly nor a good tool. But at least there is something different people can use - Mac. It's user friendly, you never get malware and you get things like Photoshop and a great looking UI!

Seriously, people need to stop using Windows. It is the cause for all the malware problems. I think some day Steve Jobs will do the world a great favor and change all the Windows computers to a Mac for free. People need to start seeing the real things happening around them. Mac is here to stay and win. It is the only good solution we have, because it is the only system with absolutely no malware whatsoever! You can't say the same about Windows or Linux, can you?

I don't understand why people even need anything else than a Macintosh. Linux isn't going anywhere. Windows is full of viruses and is hugely losing market share to Macs every single day. We can change the world today, but we have to do it together!

Re:What I suggest to people (1, Redundant)

DarkKnightRadick (268025) | more than 4 years ago | (#33290060)

You do realize that Mac is built on a FreeBSD kernel?

Re:What I suggest to people (5, Funny)

stagg (1606187) | more than 4 years ago | (#33290172)

You do realize that Mac is built on a FreeBSD kernel?

Macs can't be exploited. That's why people paid to get into the walled garden, it's safe in there. LA LA LA LA LA LA I CAN'T HEAR YOU.

Re:What I suggest to people (1, Offtopic)

DarkKnightRadick (268025) | more than 4 years ago | (#33290356)

lol

Though I wonder how I'm off-topic, considering this is about a Linux vulnerability.

Oh wait, this is /., nvm

Re:What I suggest to people (0)

Anonymous Coward | more than 4 years ago | (#33290206)

FreeBSD userland, mach kernel

Re:What I suggest to people (1)

DarkKnightRadick (268025) | more than 4 years ago | (#33290412)

http://en.wikipedia.org/wiki/Mach_(kernel) [wikipedia.org]

Neither Mac OS X nor FreeBSD maintain the microkernel structure pioneered in Mach, although Mac OS X continues to offer microkernel Inter-Process Communication and control primitives for use directly by applications.

Re:What I suggest to people (4, Informative)

l2718 (514756) | more than 4 years ago | (#33290340)

You do realize that Mac is built on a FreeBSD kernel?

Actually, MacOS uses the Mach microkernel in a BSD system; some code was taken from FreeBSD -- but not the kernel.

Re:What I suggest to people (1)

Thinboy00 (1190815) | more than 4 years ago | (#33290442)

Actually, MacOS uses the Mach microkernel in a BSD system; some code was taken from FreeBSD -- but not the kernel.

Really? I thought they used Darwin...?

Re:What I suggest to people (4, Informative)

bsDaemon (87307) | more than 4 years ago | (#33290544)

Darwin is their codename for what is the open source bits of MacOS X. The kernel is largely based on Mach. Since it's a microkernel, it can have "servers" for different subsystems, including BSD, which aren't really "kernel modules" in the Linux or BSD sense. A lot of the userland and C libraries are derived from FreeBSD, with some GNU stuff, and custom changes to both. They did hire a bunch of big-name FreeBSD people though, like Jordan Hubbard, which just contributes extra confusion to a confusing situation.

Re:What I suggest to people (1)

DarkKnightRadick (268025) | more than 4 years ago | (#33290584)

http://en.wikipedia.org/wiki/Mac_OS_X [wikipedia.org]

http://en.wikipedia.org/wiki/Mach_(kernel) [wikipedia.org]

Neither Mac OS X nor FreeBSD maintain the microkernel structure pioneered in Mach, although Mac OS X continues to offer microkernel Inter-Process Communication and control primitives for use directly by applications.

Re:What I suggest to people (1)

abigor (540274) | more than 4 years ago | (#33291058)

From your first link: "Mac OS X is based upon the Mach kernel."

Re:What I suggest to people (1)

Third Position (1725934) | more than 4 years ago | (#33290428)

You do realize that Mac is built on a FreeBSD kernel?

Well, more accurately it's a mach based os that presents both a BSD and a Mac OS personality. /pendant

Re:What I suggest to people (2, Funny)

DarkKnightRadick (268025) | more than 4 years ago | (#33290608)

pedant*

Unless you are actually a piece of jewelry.

Re:What I suggest to people (1)

tuxgeek (872962) | more than 4 years ago | (#33290666)

You're wrong
All systems have bugs, even MACs.
You're being naive if you think you are completely secure in your sandbox.

There will always be exploits and/or proof of concept exploits for MAC as well as Linux platforms, but are usually patched immediately without damage or fanfare.

Nothing to see here, move along .. SSDD

Re:What I suggest to people (1)

hazah (807503) | more than 4 years ago | (#33290780)

It was an obvious troll.

Re:What I suggest to people (1)

DJRumpy (1345787) | more than 4 years ago | (#33291578)

Agreed. If it was a true mac fan, that was just embarrassing (and this coming from me, a true Mac user). If it was a troll pretending to be a mac fan, it was still just embarrassing. All computers are vulnerable to exploits.

Back on topic, this PDF vulnerability reads a lot like the vulnerability exposed in iOS4 that allowed a jailbreak in the user space via a PDF exploit.

Are they related?

Convenient (5, Funny)

rotide (1015173) | more than 4 years ago | (#33290040)

So, I'm supposed to click a link to read a PDF about a PDF flaw. You sly boots!

Re:Convenient (1)

Asmodaie (1823348) | more than 4 years ago | (#33290082)

Ah, you beat me to it.

Re:Convenient (0)

Anonymous Coward | more than 4 years ago | (#33290690)

Came here to post the same!
Can't wait to be Adobe's PR dept.

Re:Convenient (3, Funny)

Abstrackt (609015) | more than 4 years ago | (#33291246)

Came here to post the same!

Came here to post something completely different! (I just like the attention)

Re:Convenient (0)

odies (1869886) | more than 4 years ago | (#33290104)

So, I'm supposed to click a link to read a PDF about a PDF flaw. You sly boots!

It's not a PDF flaw, it's a flaw in the Linux kernel. The malicious PDF file was just an example of an attack vector. You know, the same way it works in Windows. No system is immune to these kinds of attacks; the only reason Linux and Macs see them less is because most of the users are on Windows (especially the "stupid" or casual ones). Not even the walled gardens like iPhone, where a PDF attack was used to root and jailbreak the system just recently.

Re:Convenient (3, Interesting)

Nadaka (224565) | more than 4 years ago | (#33290284)

Another reason Linux is safer is that these problems get due attention when reported, but for the Windows team to put effort into fixing most problems, it has to be a source of embarrassment for the company.

Re:Convenient (0, Flamebait)

odies (1869886) | more than 4 years ago | (#33290344)

Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

Also, note that this was silently patched with no announcement of the problem. It has been there since kernel version 2.6. That is a long, long time.

Re:Convenient (4, Insightful)

NNKK (218503) | more than 4 years ago | (#33290426)

Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

What rock have you been living under?

Re:Convenient (-1, Troll)

odies (1869886) | more than 4 years ago | (#33290534)

Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

What rock have you been living under?

Want to show me some non-patched privilege escalation exploit in Windows?

Re:Convenient (1, Informative)

digitalunity (19107) | more than 4 years ago | (#33291242)

Oh god they're countless. Sure, the publicly known privilege escalations are patched now, but there are a few that were around for many many years.

The old NT login bug was there for a long time before MS fixed it.

Re:Convenient (0, Troll)

drsmithy (35869) | more than 4 years ago | (#33291482)

Oh god they're countless.

List 10.

Re:Convenient (2, Insightful)

Peach Rings (1782482) | more than 4 years ago | (#33290438)

They patched [kernel.org] it, I don't know what you expect them to do beyond that. "Silently" just means that slashdot didn't pick up on it or something.

Also,

Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

Are you kidding?

Re:Convenient (5, Informative)

Anonymous Coward | more than 4 years ago | (#33290488)

What are you on about? There's a full changelog for the patched code. Do you have any idea how much changes in the Linux tree each week? One bugfix is not going to make news other than from a pro-Windows news outlet attempting to make it appear there's a cover up. Try reading LKML if you're stupid enough to think there's a conspiracy going on.

Re:Convenient (2, Insightful)

erroneus (253617) | more than 4 years ago | (#33290542)

Yes.... yes I do. We have seen it with the process messaging flaw.

Microsoft is a for-profit company. To make a profit, they have to control costs and increase sales. By paying people to patch vulnerabilities, they are increasing costs. This has the effect of lowering profit. On the other hand, their reputation has impact on their ability to make sales (though admittedly, not as much when you are not a monopoly). So if the flaw is well known (which in this case, became the headline of a great many news stories) they might be pushed in the direction of spending the money to fix it, but since they are a monopoly, it takes a much bigger push to get a flaw like that fixed than if they were in competition with other OS makers. And I am sure they work under some sort of formula that says "If cost of fix x 10 loss of sales then ignore it" or something like that.

So yes, if they felt that the threat to their profits is large enough they will take action... else they will not. Lately, Microsoft is facing a lot of competition so yeah, they are more likely to take action now than ever before. But that has not always been the case, especially during their golden years of "embrace and extend" and other standards-trampling behaviors. They could pretty much do whatever they wanted... and did.

Re:Convenient (0)

Anonymous Coward | more than 4 years ago | (#33291010)

The only issue with your logic is that the cost of repairing bugs is infinitesimally small when compared to the revenue that Microsoft generates. The cost of bad press is far more than fixing the OS.

I think the problem with MS is that they are a leviathan, and slow.

Re:Convenient (1)

drsmithy (35869) | more than 4 years ago | (#33291514)

So yes, if they felt that the threat to their profits is large enough they will take action... else they will not.

Yet regularly and frequently they release bugfixes for problems that are neither high profile, nor "embarrassing". Strange.

Re:Convenient (1)

morgan_greywolf (835522) | more than 4 years ago | (#33290676)

Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?

Yes. Microsoft's track record certainly speaks for itself. There have been plenty of instances where known non-patched privilege escalation exploits in Windows went unpatched by Microsoft for years. (One I'm thinking of in particular affected GDI).

Re:Convenient (0, Redundant)

Lunix Nutcase (1092239) | more than 4 years ago | (#33290758)

There have been plenty of instances where known non-patched privilege escalation exploits in Windows went unpatched by Microsoft for years. (One I'm thinking of in particular affected GDI).

Your case might be more persuasive if you actually linked to them rather than a vague claim of "plenty of instances". If there were so many, you could link to at least a couple, no?

Re:Convenient (2, Informative)

betterunixthanunix (980855) | more than 4 years ago | (#33290776)

Also, note that this was silently patched with no announcement of the problem.

It was not "silently patched." It would be pretty hard to "silently patch" the Linux kernel, unless you could come up with some other explanation of your changes to the kernel developer. The patch was noted in the changelog like any other patch. No attempt was made to hide it.

Or did you think that the developers should have been screaming about the patch from the rooftops? This is not the first security bug to patch in this way.

Re:Convenient (2, Interesting)

machxor (1226486) | more than 4 years ago | (#33290420)

It's not a PDF flaw, it's a flaw in the Linux kernel. The malicious PDF file was just an example of an attack vector. You know, the same way it works in Windows. No system is immune to these kinds of attacks; the only reason Linux and Macs see them less is because most of the users are on Windows (especially the "stupid" or casual ones). Not even the walled gardens like iPhone, where a PDF attack was used to root and jailbreak the system just recently.

You got it spot on. Although in my personal experience I've had more Linux servers compromised than Windows ones. Could be the fact that in general my Linux servers are exposing services to the internet whereas my Windows servers are not. Or it could be the fact that at times questionable users (i.e. customers) have had access to my Linux boxes. Oh and then there was one time my MS-DOS server was compromised (lol).

In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.

Re:Convenient (0)

Anonymous Coward | more than 4 years ago | (#33290536)

You got it spot on. Although in my personal experience I've had more Linux servers compromised than Windows ones.

Reference please? Which Linux servers? Red-hat? Debian? SELinux enabled?

Sounds like you know a lot about the subject..

Re:Convenient (3, Interesting)

machxor (1226486) | more than 4 years ago | (#33290980)

Reference please? Which Linux servers? Red-hat? Debian? SELinux enabled?

Sounds like you know a lot about the subject..

This was between 1999 and 2003 when a partner and myself were running a small web hosting/shell company Mach Nine Internet Services, http://www.mach-nine.com/ [mach-nine.com] (under construction now?), http://www.lomag.net/information/news.php [lomag.net]

Always Redhat... started with 6 (which was the 2.2 kernel...) and think we ended at 7.1.

In any case this small period of time was the only time I've had Linux servers publicly available on the internet and two of three machines were rooted due to a (2.4?) kernel flaw that made it trivial to escalate privileges if you had a shell (which being a shell provider...). Since then I've had several Windows servers publicly servicing the internet but the difference is that they are for my personal use and not high profile (in relation to my old Linux servers) targets.

My statement was not one about the inherent security of one OS over the other. There is more I could have done to prevent the root attacks on the Linux machines and I don't deny that. I'm repeating myself here but my point was:

In general it's not the OS keeping you secure it's how valuable of a target you are and how vigilant you are at security.

Re:Convenient (0)

Anonymous Coward | more than 4 years ago | (#33290970)

How shitty an admin do you have to be to have so many compromised machines? I can see how you've come to your conclusion however I think you've got it all wrong, the weak link in the chain seems to be you, not how valuable you are.

PDF flaw? (1)

hackwrench (573697) | more than 4 years ago | (#33290620)

I'm missing something here. A PDF reader shouldn't let a PDF file anywhere near executable code, should it?

Re:PDF flaw? (1)

betterunixthanunix (980855) | more than 4 years ago | (#33290740)

Depends on whether or not the reader can be compromised. Adobe's PDF reader is known to allow the execution of arbitrary programs and code on the target system if you send someone a specially crafted PDF.

Of course, plenty of other PDF readers do not, and on a number of desktop Linux distros, packages are compiled with stack and heap smashing protection enabled, so finding a PDF exploit would be pretty tough. Of course, a lot of people wind up installing Acrobat Reader on their systems despite the availability of libre PDF readers in the repositories, so perhaps the point is moot.

Re:PDF flaw? (1)

vtcodger (957785) | more than 4 years ago | (#33290868)

**I'm missing something here. A PDF reader shouldn't let a PDF file anywhere near executable code, should it?***

Not a stupid question although it'll probably get treated as such. My understanding is that PDF is sort of a partial encapsulation of Postscript and therefore can include some kinds of executable code. Personally, I've never much cared for pdf/postscript which have always seemed to me to be a maximal grief approach to getting a document (possibly) printed ... if the stars are right and the force is with you.

Re:PDF flaw? (1)

digitalunity (19107) | more than 4 years ago | (#33291336)

The PDF specification includes a lot of active content features that most linux readers don't even support.

One in particular comes to mind and that is javascript. Although javascript isn't directly executed by the host machine (it's interpreted), that makes it a really attractive attack vector.

Re:Convenient (0)

Anonymous Coward | more than 4 years ago | (#33290668)

er...woosh?

Re:Convenient (2, Funny)

blair1q (305137) | more than 4 years ago | (#33290898)

Just click the popup telling you that your PC is infected. That'll fix it.

Blame Xorg (5, Interesting)

betterunixthanunix (980855) | more than 4 years ago | (#33290074)

Xorg is a mess. Fedora had to craft a special SELinux policy, which exempted Xorg from a number of restrictions that apply to other applications (for example, the ability to unset the NX bit on a region of memory), because not only does Xorg do so many questionable things, but there is no good way to fix it. That, and the fact that Xorg runs as root, make it a particularly weak link in the chain.

Re:Blame Xorg (1, Informative)

Anonymous Coward | more than 4 years ago | (#33290124)

I run Nvidia cards, so I switched as fast as I could to a KVM-enabled driver, which allows me to run Xorg as a user, not as root. As I recall, the FOSS drivers for both ATI and Nvidia allow this currently.

Re:Blame Xorg (0)

Anonymous Coward | more than 4 years ago | (#33290348)

What the heck. I meant KMS, not KVM.

Re:Blame Xorg (4, Interesting)

vadim_t (324782) | more than 4 years ago | (#33290210)

That should be fixed eventually. With the switch to kernel modesetting (already happening) there shouldn't be any need for X to mess directly with hardware anymore, and without that it should run just fine without root privileges.

Re:Blame Xorg (1)

ultranova (717540) | more than 4 years ago | (#33290574)

Is that the only thing still running in userspace? I was under the impression that you still need device-specific drivers in the X server. Or are we finally approaching the point where the kernel exposes a framebuffer console with standard accelerated features (OpenGL, preferably), and X or any other program can simply run on top of that?

Re:Blame Xorg (4, Informative)

Cyberax (705495) | more than 4 years ago | (#33290824)

Yep.

On Linux input devices are now moved into the kernel. The only complex thing remaining is modesetting and hardware acceleration. But they are being fixed as well.

In fact, you can run 'rootless X' on Fedora ( http://lwn.net/Articles/341033/ [lwn.net] ) and soon on Ubuntu ( https://blueprints.edge.launchpad.net/ubuntu/+spec/desktop-maverick-rootless-x [launchpad.net] ). Here 'rootless' means that the server doesn't require root privileges to work.

Re:Blame Xorg (1)

pizzach (1011925) | more than 4 years ago | (#33291606)

:-/ Can someone tell me what running startx does as a normal user? Is it still running as root?
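One way to answer that question on a running box, as an added example for this thread (not code from Xorg, Fedora or any other project mentioned here): walk /proc, find processes whose name matches a typical X server binary (assumed names, listed in X_SERVER_NAMES), read the effective uid from /proc/PID/status and the SELinux label from /proc/PID/attr/current. A root X server that SELinux does not confine is the configuration the parent comments worry about, so the report flags that combination explicitly. The two status texts are constructed samples for the offline check; the "unconfined" heuristic for the label is an assumption of this example.

```python
"""Audit the user and SELinux context of running X servers (added example)."""
import os
from typing import Dict, List, Optional

# Assumption: typical X server binary names; extend for your distribution.
X_SERVER_NAMES = {"Xorg", "X", "Xephyr", "Xvfb", "Xwayland"}


def parse_status(text: str) -> Dict[str, str]:
    """Turn the 'Key:\\tvalue' lines of /proc/<pid>/status into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def describe_x_process(status: Dict[str, str],
                       context: Optional[str]) -> Optional[Dict[str, object]]:
    """Report on one process if it is an X server, else None."""
    name = status.get("Name", "")
    if name not in X_SERVER_NAMES:
        return None
    # The Uid line lists real, effective, saved and filesystem uids;
    # the effective uid is what decides the server's privilege.
    uids = status.get("Uid", "").split()
    euid = int(uids[1]) if len(uids) >= 2 else -1
    # Assumption: a label containing "unconfined" (or no label at all, i.e.
    # SELinux absent) means the process is not confined by SELinux.
    unconfined = context is None or "unconfined" in context
    return {
        "name": name,
        "pid": int(status.get("Pid", "0")),
        "euid": euid,
        "runs_as_root": euid == 0,
        "selinux_context": context,
        # Weakest configuration: root and nothing limits a hijacked server.
        "root_and_unconfined": euid == 0 and unconfined,
    }


def read_context(pid: int) -> Optional[str]:
    """SELinux label of a process, or None when SELinux is absent/unreadable."""
    try:
        with open(f"/proc/{pid}/attr/current") as f:
            return f.read().strip("\n\0") or None
    except OSError:
        return None


def audit_live() -> List[Dict[str, object]]:
    """Scan /proc on the running system; empty list if /proc is unavailable."""
    reports: List[Dict[str, object]] = []
    try:
        entries = os.listdir("/proc")
    except OSError:
        return reports
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/status") as f:
                status = parse_status(f.read())
        except OSError:
            continue  # process exited or is not readable
        report = describe_x_process(status, read_context(int(entry)))
        if report:
            reports.append(report)
    return reports


# Constructed samples shaped like /proc/<pid>/status (not captured from a real host).
SAMPLE_ROOT_XORG = ("Name:\tXorg\nState:\tS (sleeping)\nPid:\t1234\nPPid:\t1200\n"
                    "Uid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n")
SAMPLE_USER_XORG = ("Name:\tXorg\nState:\tS (sleeping)\nPid:\t2345\nPPid:\t2300\n"
                    "Uid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n")

if __name__ == "__main__":
    for report in audit_live():
        print(report)
```

Run it as an ordinary user on the host in question; if the X server shows euid 0, the distribution is still starting it as root regardless of who ran startx, and the selinux_context field tells you whether a policy confines it.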

Re:Blame Xorg (1)

gzipped_tar (1151931) | more than 4 years ago | (#33290652)

Hopefully, Wayland could be able to fix most of this kind of mess in Xorg (assuming it ever comes out).

Re:Blame Xorg (0)

Anonymous Coward | more than 4 years ago | (#33290770)

There is no real need to run as root anymore. MeeGo X does not do that, as an example.

Re:Blame Xorg (0)

Anonymous Coward | more than 4 years ago | (#33291170)

Actually, if you read the paper, this is not an Xorg bug.

If I understand it correctly, the problem is that X allows direct access to some parts of its memory to user processes.
This is done to allow writing to pixmaps, and is safe in itself.

The problem is that the Linux kernel allows creation of such a mapping just above the stack; then the stack grows a little and hits the user-controlled memory, and then the user can write directly to the Xorg stack - and overwrite return addresses of functions.

The problem here is insufficient protection offered by Linux - the stack should NEVER grow into shared memory areas!
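The condition described above (a writable shared mapping sitting right next to the stack, with nothing unmapped in between) is visible in /proc/PID/maps, so an administrator can check a process for it. The script below is an added example for this thread, not code from the ITL paper or from the kernel: it parses maps lines, finds the [stack] region and the nearest mapping below it, and reports the gap in pages and whether that neighbour is writable and shared. It assumes 4 KiB pages and the x86 convention of a downward-growing stack; the two maps excerpts are constructed for the offline check, and live_report() reads the real /proc/self/maps when run.

```python
"""Measure the guard gap below a process's stack from /proc/<pid>/maps (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86)

# address range, perms, offset, dev, inode, optional path
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str  # e.g. "rw-s": read/write/exec and p(rivate) or s(hared)
    path: str


def parse_maps(text: str) -> List[Mapping]:
    """Parse /proc/<pid>/maps text into Mapping objects sorted by address."""
    maps: List[Mapping] = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            maps.append(Mapping(int(m.group(1), 16), int(m.group(2), 16),
                                m.group(3), m.group(4).strip()))
    return sorted(maps, key=lambda mp: mp.start)


def stack_guard_report(maps: List[Mapping],
                       page_size: int = PAGE_SIZE) -> Optional[Dict[str, object]]:
    """Gap between [stack] and the nearest mapping at lower addresses, or None if no stack."""
    stack = next((m for m in maps if m.path == "[stack]"), None)
    if stack is None:
        return None
    below = [m for m in maps if m.end <= stack.start]
    if not below:
        return {"gap_pages": None, "neighbour": None, "neighbour_perms": None,
                "writable_shared_neighbour": False, "adjacent": False}
    neighbour = max(below, key=lambda m: m.end)
    gap_pages = (stack.start - neighbour.end) // page_size
    writable_shared = neighbour.perms[1] == "w" and neighbour.perms[3] == "s"
    return {
        "gap_pages": gap_pages,
        "neighbour": neighbour.path or "(anonymous)",
        "neighbour_perms": neighbour.perms,
        # The case the comment describes: a shared, user-writable region that
        # the stack can grow straight into because no unmapped page separates them.
        "writable_shared_neighbour": writable_shared,
        "adjacent": gap_pages == 0,
    }


def live_report(pid: str = "self") -> Optional[Dict[str, object]]:
    """Run the check against a real process; None if /proc is unreadable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            return stack_guard_report(parse_maps(f.read()))
    except OSError:
        return None


# Constructed maps excerpts (not from a real process). The first places a shared
# SysV segment immediately below the stack; the second leaves 1 MiB unmapped.
SAMPLE_ADJACENT_SHARED = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/Xorg
0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/bin/Xorg
7ffff7dd0000-7ffff7df0000 r-xp 00000000 08:01 5678 /lib/ld-linux.so.2
7ffffffde000-7ffffffdf000 rw-s 00000000 00:04 9999 /SYSV00000000 (deleted)
7ffffffdf000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_GUARDED = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/Xorg
0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/bin/Xorg
7ffff7dd0000-7ffff7df0000 r-xp 00000000 08:01 5678 /lib/ld-linux.so.2
7fffffede000-7fffffedf000 rw-s 00000000 00:04 9999 /SYSV00000000 (deleted)
7ffffffdf000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("constructed, adjacent:", stack_guard_report(parse_maps(SAMPLE_ADJACENT_SHARED)))
    print("constructed, guarded: ", stack_guard_report(parse_maps(SAMPLE_GUARDED)))
    print("this process:         ", live_report())
```

The number reported is the distance that currently separates the stack from its neighbour, not the kernel's policy; a fixed kernel refuses to let the stack expand into that space (and current kernels keep a gap of many pages by default), so on a patched system the check is a sanity test that nothing has been mapped flush against the stack, and a gap of 0 pages to a "rw-s" region is the configuration worth investigating.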

Re:Blame Xorg (0)

Anonymous Coward | more than 4 years ago | (#33291278)

(same AC here)

For the record: I agree that Xorg is somewhat too big and complicated to run as root. It isn't the culprit here, though...

How much more 'silent' was than other bugs? (4, Insightful)

master_p (608214) | more than 4 years ago | (#33290112)

Do the Linux developers put a news announcement out every time there is a bug and they forgot about it this time?

Isn't it a little sensational to imply that Linus and the other people didn't want this bug to be known because they fear Linux will be characterized as buggy?

Re:How much more 'silent' was than other bugs? (4, Insightful)

stagg (1606187) | more than 4 years ago | (#33290144)

I'd rather hear about a flaw like this after the fact frankly. I don't think an unpatched exploit needs the kind of publicity that /. would get it.

Re:How much more 'silent' was than other bugs? (1)

Securityemo (1407943) | more than 4 years ago | (#33290444)

As long as it reaches the security mailing lists, it has all the publicity it needs in terms of reaching "the wrong sort of people". Slashdot isn't exactly a timely or accurate source for whitepapers and public exploits. It would be like a criminal reading the NYT for information about illegal happenings and arrests.

Re:How much more 'silent' was than other bugs? (0, Troll)

psbrogna (611644) | more than 4 years ago | (#33290162)

Isn't that what "New Media" means; sensational?

Re:How much more 'silent' was than other bugs? (0, Troll)

stagg (1606187) | more than 4 years ago | (#33290192)

Isn't that what "New Media" means; sensational?

We require more Google hits!

Re:How much more 'silent' was than other bugs? (2, Interesting)

Rogerborg (306625) | more than 4 years ago | (#33290224)

Isn't that what "New Media" means; sensational?

Sure, because Legacy Media was so focussed on telling people what was important, rather than just what they wanted to... ooooh, OK! magazine have offered Lindsay Lohan $1m for an exclusive - must read now!

Re:How much more 'silent' was than other bugs? (1)

Beelzebud (1361137) | more than 4 years ago | (#33291100)

Oh the humanity!

Re:How much more 'silent' was than other bugs? (4, Informative)

pclminion (145572) | more than 4 years ago | (#33290314)

Do the Linux developers put a news announcement out every time there is a bug

No, but all changes to the kernel are documented in the changelog. And security-related bugs are treated the same as any other bugs. They are not explicitly called out as being security related. Linus has been pretty clear on this in the past. A bug is a bug, period. The fact that it's security related is uninteresting (to him, at least).

I think that's a weird attitude but that's what we've got.

Re:How much more 'silent' was than other bugs? (0)

Anonymous Coward | more than 4 years ago | (#33290382)

Do the Linux developers put a news announcement out every time there is a bug

No, but all changes to the kernel are documented in the changelog. And security-related bugs are treated the same as any other bugs. They are not explicitly called out as being security related. Linus has been pretty clear on this in the past. A bug is a bug, period. The fact that it's security related is uninteresting (to him, at least).

I think that's a weird attitude but that's what we've got.

My interpretation is that it's a middle ground between "HEY EVERYONE LOOK AT THIS SECURITY FLAW" and "Nothing to see here, move along".

Anyone wanting to put a number on the amount of security flaws in Linux that have been found/updated can do so by looking through changelogs (and doing a tiny bit of research), but at the same time they don't make them publicly known until the fix is already available (as long as the distros package the new kernel quickly).

Re:How much more 'silent' was than other bugs? (2, Interesting)

tuffy (10202) | more than 4 years ago | (#33290500)

I don't think it's all that weird. For example, is a bug that corrupts one's filesystem less critical than a bug that allows unauthorized access? Is a root escalation bug more important than a bug that prevents one's video card from working? They all need to be fixed, but I don't think security implications entitle such bugs to special treatment.

Re:How much more 'silent' was than other bugs? (1)

m50d (797211) | more than 4 years ago | (#33290730)

With a security bug, there are benefits to keeping it secret until it's fixed, which is why many organizations will treat them differently.

Re:How much more 'silent' was than other bugs? (3, Insightful)

ultranova (717540) | more than 4 years ago | (#33291240)

For example, is a bug that corrupts one's filesystem less critical than a bug that allows unauthorized access?

More importantly, is there a difference? Red Hat 9 had - and perhaps distros still have - this nice system where cron would, once a day, run programs dropped into a directory in /etc with root privileges. Very useful for various packages that required periodical maintenance; but if a filesystem corruption bug would allow one to link an arbitrary file to those directories...

A bug means that a system behaves in a way it shouldn't. There's always the chance that such unplanned behaviour can be used by an attacker to do nasty things. There is no difference between security critical and other bugs, there's only bugs with known exploits and bugs without. Every bug is a chink in the armor, and every kernel bug should be considered security-critical.

Microsoft bugs (0)

Anonymous Coward | more than 4 years ago | (#33290408)

So they had a whole month to patch their bug, whereas Microsoft had only a week (albeit from the Google researcher)?

Re:Microsoft bugs (0)

Anonymous Coward | more than 4 years ago | (#33290582)

The researcher simply wanted a timeline to how MS would address it in a week.

Thanks for playing.

I'm not affected... (0)

Anonymous Coward | more than 4 years ago | (#33290240)

Because I run Windows as user SYSTEM.

Re:I'm not affected... (1)

Thinboy00 (1190815) | more than 4 years ago | (#33290498)

Because I run Windows as user SYSTEM.

To people who have no Windows familiarity (i.e. all sane people *ducks*): SYSTEM is roughly the same thing as root.

Is this news? (4, Insightful)

mspohr (589790) | more than 4 years ago | (#33290254)

Isn't this the way it's supposed to work?

1. Bug found, responsible parties notified

2. Bug fixed and software updated

3. We are protected from potential future attacks. (Profit!)

Was there an actual attack? No.

Re:Is this news? (3, Insightful)

jpapon (1877296) | more than 4 years ago | (#33290364)

Must be a slow day. Conspiracy articles about HAARP causing Moscow to burn, and an article about a security flaw that has been fixed. Fascinating stuff... What's next?

Re:Is this news? (1)

Nerdfest (867930) | more than 4 years ago | (#33290410)

Yes, and quickly in this case too, I think, with a fast fix, and then more solid changes later. You can never really tell whether there was an attack or not. There may have been something targeted at a very specific company, site, or person.

Re:Is this news? (2, Interesting)

Anonymous Coward | more than 4 years ago | (#33290640)

Quickly? This flaw has existed for 7 years.

Re:Is this news? (1)

marcello_dl (667940) | more than 4 years ago | (#33291522)

It could be there since Linux 0.1, so what? All that matters is that holes are patched when discovered or, in the worst case, when the first 0-day exploits are detected.

Also thanks to the fact that there probably is no guy in business suit that decides when and if to disclose the vulnerability, I tend to think that this xorg problem was managed well enough.

Re:Is this news? (0)

Anonymous Coward | more than 4 years ago | (#33291546)

Quickly? This flaw has existed for 7 years.

If you get your 2 gram brain to work you will notice that this flaw, while present for a long time, has only been known for a very short time. So, from the time it was known to the fix, it was indeed quick.

Now, lets go back to your spyware pop-n-close routine.

Re:Is this news? (0)

Anonymous Coward | more than 4 years ago | (#33291600)

From Time of detection? Yes. I concede I would have liked "Even More Quickly" given the scope of the vulnerability, but we've seen Microsoft vulnerabilities be reported and lie in their inbox for *years* before Microsoft was finally forced to do something about it because the researchers finally said "I've had it" and published.

So, yeah "Quickly".

Pug

Re:Is this news? (1)

dragin33 (529413) | more than 4 years ago | (#33290958)

Why is it that for every Microsoft vulnerability the many in the slashdot community has this "See? Microsoft.. Insecure." attitude but for every Linux vulnerability the same community will say There's no problem here.. It was patched. Move along. Linux is still secure. And my favorite "Linux doesn't have viruses." Sometimes those in the Linux community need a taste of reality.. mspohr; Yes this is news.. Just as much as Patch Tuesday is news.

Re:Is this news? (1)

dragin33 (529413) | more than 4 years ago | (#33291018)

Microsoft vulnerability.. *there are many* .. in the slashdot community that have* Sorry for the bad editing

Re:Is this news? (2, Insightful)

mspohr (589790) | more than 4 years ago | (#33291456)

Although this article was about a Linux potential vulnerability and not about Microsoft, you seem to think that Microsoft is treated unfairly with too much publicity. I guess the difference is that Microsoft, unlike Mac and Linux, does actually have thousands of virus infection vectors in the wild and they have been slow to patch their buggy software. It isn't particularly newsworthy when Linux patches a potential vulnerability (with no known exploit) promptly but it is news when Microsoft patches an old bug that has already led to thousands (? millions) of infected machines.

Re:Is this news? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#33291604)

Was there an actual attack? No.

Woah now junior, you don't know that.

There have been no reported attacks.

But now that it's out there, it's up to people to update their kernel.

How fancy can you get? (2, Insightful)

gzipped_tar (1151931) | more than 4 years ago | (#33290454)

can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system.

The author who wrote this certainly didn't count SELinux as one of the "fancy" security mechanisms...

Re:How fancy can you get? (1)

betterunixthanunix (980855) | more than 4 years ago | (#33290618)

Actually, he did:

The attack allows even to escape from the SELinux's "sandbox -X" jail.

(From the announcement of the attack)

Re:How fancy can you get? (1)

gzipped_tar (1151931) | more than 4 years ago | (#33290852)

I wasn't referring to the jailbreaking from the Xephyr server in the sandbox. I meant to say that SELinux was exactly one of the fancy things that were supposed to protect the system from unknown vulnerabilities.

Yes, the attacker is able to break out of the sandbox and further escalate to root by attacking the Xorg server; but under a well-secured SELinux system the actual damage can be nullified by the SELinux mechanism because the attacker cannot escape from the security context even if he has root privileges. The attacker will be unable to access the resources that are not supposed to be accessed (e.g. making the stack executable) so the scope of the damage can be greatly limited.

Admittedly total lock-down of a system with SELinux is very difficult, but theoretically this is not impossible.

Re:How fancy can you get? (2, Interesting)

betterunixthanunix (980855) | more than 4 years ago | (#33290938)

Xorg throws a wrench into SELinux; just ask the Fedora SELinux policy maintainers. I still remember the days when my Fedora system would pop up SELinux warnings left and right because Xorg was trying to do something stupid and suspicious. These days, Xorg just gets exempted from SELinux policies in Fedora.

Root in the kernel == game over (2, Interesting)

benjymouse (756774) | more than 4 years ago | (#33291534)

I don't get this blind trust that SELinux can do what it was never intended to do. If you compromise the kernel - especially a monolithic kernel like Linux - it really is game over.

Practically every security check (and - yes - that includes SELinux's extra hooks) is performed before the actual operation is performed, with no kernel lock covering both. Which means that *all* of them are susceptible to concurrent access attacks.

It works like this: the malicious code invokes the syscall passing a structure, e.g. an inode, but at the same time the malicious code starts a second thread which, after a measured period (clock cycles), modifies the very same structure. By crafting this carefully the attacker can hit the "weak spot" between the security checks and the actual operation. It doesn't work every time due to obvious nondeterminism, but even a 30% hit rate will be exceptionally good in a mass attack.

And you cannot lock down the tools used in this scenario. All processes will need to access memory and spawn threads. Certainly browsers, X servers, pdf readers etc. do.

This is not a bug in the kernel. Avoiding this weakness would involve bigger locks and critical sections which would seriously impede scalability. It is just that the kernel was never designed to withstand attacks from within the kernel itself.

So please stop peddling SELinux as a silver bullet. Once an attacker is inside the kernel it really is game over. SELinux doesn't fix that. Nor was it intended to.
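The check-then-use window described in this comment, modelled in user space as an added example (not code from the thread or from the kernel): a "syscall" handler validates a request header that the caller can still modify, and the `race_hook_t` callback is a hypothetical stand-in for the attacker's second thread so the window is hit deterministically. The hardened handler snapshots the structure once, validates the snapshot, and never re-reads shared memory, which is the usual mitigation for this class of double-fetch race.

```c
#include <stddef.h>
#include <string.h>

#define BUF_MAX 16

struct request {
    size_t len;                 /* bytes to copy, caller-controlled */
    unsigned char data[64];
};

/* Hypothetical hook: stands in for the concurrent writer that hits the
 * window between the check and the use (deterministic for the demo). */
typedef void (*race_hook_t)(struct request *shared);

static int do_copy(size_t n, const unsigned char *src, unsigned char *out)
{
    /* The "operation".  Clamped so the demo itself cannot overflow `out`;
     * the return value reports the length the handler trusted, which is
     * what a real kernel would have copied. */
    memcpy(out, src, n < BUF_MAX ? n : BUF_MAX);
    return (int)n;
}

/* VULNERABLE: checks the shared structure, then re-reads it later. */
int handle_double_fetch(struct request *shared, race_hook_t hook, unsigned char *out)
{
    if (shared->len > BUF_MAX)          /* security check on shared memory */
        return -1;
    if (hook) hook(shared);             /* race window: shared->len changes */
    return do_copy(shared->len, shared->data, out);   /* second fetch */
}

/* HARDENED: snapshot once, validate the snapshot, use only the snapshot. */
int handle_single_fetch(struct request *shared, race_hook_t hook, unsigned char *out)
{
    struct request local;
    memcpy(&local, shared, sizeof local); /* single fetch, like copy_from_user() */
    if (local.len > BUF_MAX)
        return -1;
    if (hook) hook(shared);             /* changing shared memory is now harmless */
    return do_copy(local.len, local.data, out);
}

/* Constructed scenario: the caller races len from 8 to 64 inside the window. */
static void writer_grows_len(struct request *r) { r->len = sizeof r->data; }

int demo(int hardened)
{
    struct request req = { .len = 8 };
    unsigned char out[BUF_MAX];
    return hardened ? handle_single_fetch(&req, writer_grows_len, out)
                    : handle_double_fetch(&req, writer_grows_len, out);
}
```

`demo(0)` reports that 64 bytes were trusted despite the 16-byte check; `demo(1)` reports the 8 bytes that were actually validated.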

Running X.org on a server? (0)

Anonymous Coward | more than 4 years ago | (#33290594)

I dunno about a lot of admins, but running X.org on a server seems fraught with problems aside from this recent issue. Running fewer things that are not necessary means less of an attack surface. Didn't Microsoft finally get this with its latest server products?

What about distros? (0)

Anonymous Coward | more than 4 years ago | (#33290702)

So how many distros have so far packaged this fix up and released a new kernel package?

Good thing that Google Guy didn't find it (0)

Anonymous Coward | more than 4 years ago | (#33290732)

Wow, it is a good thing that Google researcher didn't find it. Since it took two months to patch the flaw, he would have posted it. So would a bunch of these other "wah, you are taking too long" grey hat zealots. According to the group think it is never supposed to take 2 months to patch Linux and other FOSS. It's actually too bad that they didn't just do the full disclosure method after a few days like the Google guy.

Re:Good thing that Google Guy didn't find it (0)

Anonymous Coward | more than 4 years ago | (#33290820)

You really should be modded redundant since someone posted the exact same thing further up and someone else already replied..

The researcher simply wanted a timeline to how MS would address it in a week.

Thanks for playing.

Hmm interesting. (0, Redundant)

Beelzebud (1361137) | more than 4 years ago | (#33291048)

Let me just open up my PDF reader and see what thi

2 Months is Acceptable? (2, Insightful)

Arainach (906420) | more than 4 years ago | (#33291096)

Just a few months ago we were blasting Microsoft for taking five weeks to prepare the Ormandy patch. Now we discover that Linux has had a root-privilege exploit for years, was notified, and took two months to fix it, and we get comments like "Must be a slow day." Stay classy (and unbiased), Slashdot.

Re:2 Months is Acceptable? (0)

Anonymous Coward | more than 4 years ago | (#33291232)

So you obviously didn't see the two [slashdot.org] other [slashdot.org] people before you that said the exact same thing.. here it is again..

The researcher simply wanted a timeline to how MS would address it in a week.

So yeah, it's not at all similar, however many times you say it over and over in the thread.

Re:2 Months is Acceptable? (-1, Flamebait)

dch24 (904899) | more than 4 years ago | (#33291430)

Like you said: Microsoft took five weeks to prepare the Ormandy patch. During that time, they made no comment - there was no transparency into whether or not it would be fixed.

A local privilege escalation bug (so, what's the big deal? And it's been fixed for a while!) -- took two months to fix. Yawn.

We can review the public record to see that no less than Linus Torvalds worked on it. Not that that should matter, but there.

But, judging [slashdot.org] by [slashdot.org] your [slashdot.org] comment [slashdot.org] history [slashdot.org] you [slashdot.org] (Arainach) [slashdot.org] are a Microsoft [slashdot.org] shill [slashdot.org] and [slashdot.org] probably [slashdot.org] an employee.

Your Comments in the Past Year:
Anti-GPL w/o mentioning Microsoft: 2
Pro-Microsoft arguments: 9
Pro-Microsoft information: 1
One rant about WA-520 [google.com] : 1

Admit it. You are biased, but not classy.

Take no chances (1, Funny)

chrisdotwood (875539) | more than 4 years ago | (#33291102)

I would advise everyone to follow my lead and go back to Windows 98 to keep themselves safe

yuO fatil it!? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#33291392)

sadness And It was