Local Root Exploit in Linux 2.4 and 2.6

michael posted more than 9 years ago | from the without-users-this-wouldn't-be-a-problem dept.

Security 795

Anonymous Coattails writes "Summary from the advisory: 'Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.'"

What, no remote exploit?!? (0, Troll)

BobPaul (710574) | more than 9 years ago | (#11291456)

Why is it nearly every Linux flaw is locally exploitable, whereas nearly every Windows flaw is remotely exploitable?

Maybe Microsoft figures most companies already do a good job of securing their physical servers...

Re:What, no remote exploit?!? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11291491)


Have you ever considered becoming a spinmeister for the Republican party?

Re:What, no remote exploit?!? (0)

Anonymous Coward | more than 9 years ago | (#11291545)

you mispelled democratic

Re:What, no remote exploit?!? (0, Flamebait)

the_mad_poster (640772) | more than 9 years ago | (#11291613)

You misspelled "I'm a product of inbreeding".

Re:What, no remote exploit?!? (0)

Anonymous Coward | more than 9 years ago | (#11291667)

You misspelled "misspelled". Takes a special breed of retard to accomplish that.

Re:What, no remote exploit?!? (4, Insightful)

Ly0n (594728) | more than 9 years ago | (#11291546)

Since Windows is more "single user" oriented, most local exploit flaws on Windows do not get very much publicity.

For instance, shatter attacks are still a very large threat for multi-user Windows systems.

Re:What, no remote exploit?!? (1)

Anonymous Coward | more than 9 years ago | (#11291551)

This has got me thinking. The bug can only be caused by local users; does this include non-jailed programs like Apache and PostgreSQL? These all have non-root user accounts on most systems; could the apache user use this exploit?

Re:What, no remote exploit?!? (1)

zaffir (546764) | more than 9 years ago | (#11291605)

I don't see why not. Local roots are used for privilege escalation. If someone had access to the apache account on the machine, they could then gain root access.

Re:What, no remote exploit?!? (2)

the_mad_poster (640772) | more than 9 years ago | (#11291634)

It can be exploited by any user or process that can compile and load executables on the machine.

Re:What, no remote exploit?!? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11291552)

I'll give you that Windows has its holes. But to try to pass off Linux as being very secure just because someone else's OS has its own vulnerabilities isn't much of a supporting argument.

remember, Kim Sun Il (Former savior of North Korea) is backwards for "LINUS Makes Inferior Kernels"

Re:What, no remote exploit?!? (2, Informative)

iabervon (1971) | more than 9 years ago | (#11291582)

The Linux kernel does very little interpretation of remotely-provided data. There are occasionally remote exploits (e.g. the Ping of Death in '97 or so), but that code has now been pretty thoroughly checked at this point. Most of the code which cares at all about the validity of data is interfaces only accessible locally.

Re:What, no remote exploit?!? (2, Insightful)

Michalson (638911) | more than 9 years ago | (#11291601)

Because Linux is a kernel, with no real knowledge or direct interaction with outside (remote) sources, while Windows is a kernel plus a GUI plus a ton of other services. Remote exploits aren't found in the Windows kernel, they're found in the application/service part of Windows; on the Linux side these buggy, infinitely exploitable services are given individual names like "sendmail" and "bind".

Re:What, no remote exploit?!? (2, Funny)

EnderWiggnz (39214) | more than 9 years ago | (#11291679)

you mean to tell me that people have found exploits in bind and sendmail?

no way - they're perfect open source programs. model programs, so to speak.

next, you'll tell me that x is a crufty, inefficient kludge.

Re:What, no remote exploit?!? (4, Interesting)

lakeland (218447) | more than 9 years ago | (#11291731)

Incidentally, the finding of exploits found in bind and sendmail has really slowed to a crawl.

It seems that, even though they were written in different times and without security as the first concern, a sufficiently large number of bug fixes will eventually result in code that is almost as secure.

Re:What, no remote exploit?!? (0)

Anonymous Coward | more than 9 years ago | (#11291726)

Because Linux is a kernel, with no real knowledge or direct interaction with outside (remote) sources

Download the sources one day kid, and examine the following directories carefully: net and drivers/net.

The Ping o Death is one example of a remote exploit (DoS in this case) that utilized kernel network layer vulnerabilities. There is no fundamental reason why remote code exploits could not exist in the kernel network stack.

Re:What, no remote exploit?!? (2, Informative)

Richard_at_work (517087) | more than 9 years ago | (#11291610)

Because 'Linux' exploits are kernel exploits, because Linux is a kernel, as people are so fond of pointing out, which actually has very little to do with remote entities other than the well looked at TCP/IP stack. Windows on the other hand is an Operating System, which includes things other than the kernel, including system daemons/services, user interface code, web browsers, and a whole host of other things.

Long story short, while it may be shoddy, MS Windows is a LOT bigger than Linux, and thus there's more to exploit. If you look at something like Redhat, which is a distribution, you have more of a comparison, and you will find remote exploits.

Re:What, no remote exploit?!? (0)

Anonymous Coward | more than 9 years ago | (#11291618)

There have been so many remote exploits in Windows that people tend to ignore the local exploits in the news (of which there are plenty). No piece of software is perfect, all we can do is keep working together to make it better. I would rather see our mistakes be local exploits than to be remotely exploitable.

Re:What, no remote exploit?!? (1)

csnydermvpsoft (596111) | more than 9 years ago | (#11291620)

Linux is just a kernel. A more accurate comparison is Linux distributions vs. Windows. Bugs are discovered all the time in application software that is bundled with many distributions. The difference, however, is that if there's a bug in a Linux app, you can uninstall/disable it until it is fixed, while many of the apps shipped with Windows can't be easily removed.

Re:What, no remote exploit?!? (1)

proverbialcow (177020) | more than 9 years ago | (#11291665)

It should be simple enough - if you have remote access to the machine already (i.e. you want to r00t a machine at school or whatever.) Log in, run the exploit from the shell, bingo bango bongo - you're root.

It's not like the code magically runs on your machine at home...

Better question (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11291685)

Why is every Windows flaw merely a shell exploit, while this is a flaw IN THE LINUX KERNEL?

It's time to pull the blinders from your eyes.

This proves it... Windows has better networking! (1)

scsirob (246572) | more than 9 years ago | (#11291690)

I mean, just look at it... Windows gets exploited across their network facilities. Linux never does.

Who's smiling now, eh?!? ;-)


*sits back* (3, Funny)

Anonymous Coward | more than 9 years ago | (#11291463)

*awaits justifications and explanations of why this is nothing like Microsoft*

Re:*sits back* (5, Funny)

ackthpt (218170) | more than 9 years ago | (#11291506)

*awaits justifications and explanations of why this is nothing like Microsoft*

Because in this case Linus Torvalds is our new overlord, and I for one, welcome him.

Re:*sits back* (1, Informative)

BobPaul (710574) | more than 9 years ago | (#11291516)

Well, it's only a local exploit for one thing, so good luck getting rampant Blaster style viruses based on it..

Second, it'll probably be patched rather quickly.

Third, it's one of a few holes, compared to the one of many holes found in windows...

Re:*sits back* (0)

Anonymous Coward | more than 9 years ago | (#11291534)

Fourth, when will the patch be available? In six hours. You don't have to wait until November for the next service pack.

Re:*sits back* (4, Interesting)

Anonymous Coward | more than 9 years ago | (#11291559)

Second, it'll probably be patched rather quickly.

I can only laugh out loud. Read this story [] for example.

dude (1)

toiletmonster (722398) | more than 9 years ago | (#11291624)

dude i'm not going to read all that crap. give me a freaking summary.

Re:dude (2, Informative)

Anonymous Coward | more than 9 years ago | (#11291711)

Summary for the lazy ones: These are four of the probably uncounted bugs which are known for months (if not years), reported to the maintainers but are still unfixed. Yes, we're speaking about the Linux kernel.

Re:*sits back* (0)

Anonymous Coward | more than 9 years ago | (#11291517)

all your root are belong to us

Re:*sits back* (0)

Anonymous Coward | more than 9 years ago | (#11291595)

Funny? I think you missed the "flamebait" button.

*one* Linux exploit is *news* for M$ it's a *goal* (0)

Anonymous Coward | more than 9 years ago | (#11291615)

One exploit in Linux is news.

Merely one exploit for M$ is a goal they hope to achieve sometime before the sun turns into a red giant.

Re:*one* Linux exploit is *news* for M$ it's a *go (1)

unixbugs (654234) | more than 9 years ago | (#11291713)

and look at the amount of code it took. at least it aint javascript...

I'll give you one (-1)

Anonymous Coward | more than 9 years ago | (#11291709)

This is an exploit in the actual kernel itself. Windows flaws are either shell exploits or, more often, user-ran executable attachments which aren't Microsoft's fault. I repeat--flaw in the kernel itself. And it isn't the first one.

I know this isn't the popular, "funny" response on Slashdot where everything involving Linux is good (BSD is better anyway) and Microsoft is bad, but it's the truth.

fp! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11291464)

first post?


So I guess the question is... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11291465)

Does this exploit run Linux?

RUCAS IS A FAG (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11291467)

GNAA rules, that is all

Copyright Poo Poo (5, Interesting)

Anonymous Coward | more than 9 years ago | (#11291472)

Read down to the Credits on the link and you see this line:


Paul Starzetz has identified the vulnerability and

Did I violate you by hitting ctrl-c and ctrl-v? Yeah copyrights stink even in free and open source realm. Oh yeah I guess Polly boy has something to put on his resume now as if someone else was going to steal his glory and get away with it.

FreeBSD (0)

Anonymous Coward | more than 9 years ago | (#11291734)

No local root exploits found!
That's why I run FreeBSD ;)

fp, use bsd (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11291473)

fp, use bsd

first root (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11291476)


I suck.

Hear that sound? (0)

Anonymous Coward | more than 9 years ago | (#11291481)

That's the sound of a thousand Microsoft fanboys typing up their "LOLOL!!! Lunix is teh sux0r 2!!!" messages.


Re:Hear that sound? (1)

Triumph The Insult C (586706) | more than 9 years ago | (#11291668)

s/fanboys/Vice Presidents/

Just like old times. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11291484)

Just like old times.

That's why MS will rule the world. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11291488)


Re:That's why MS will rule the world. (2, Funny)

spac3manspiff (839454) | more than 9 years ago | (#11291586)

Mod parent -1 denial.

Ahh... (0)

Anonymous Coward | more than 9 years ago | (#11291490)

The sweet sound of sysadmins sweating. Or is that smell?

I sicken me.

Re:Ahh... (0)

Anonymous Coward | more than 9 years ago | (#11291628)

I assure you, if it was a smell, that smell would most definitely not be sweet...

There's more where that came from... (1)

sanityspeech (823537) | more than 9 years ago | (#11291493)

I always thought that NAT and bastille would be enough. I never considered the risk of this sort. Worse yet, it seems that the reported exploit isn't the only locally exploitable flaw []

What's an admin to do?

from the without-users-this-wouldn't-be-a-problem dept.


Then, methinks: "I'll just apply a patch..."

It turns out that patches [] do NOT always fix the problem.

What's an admin to do?

How the hell (3, Funny)

BoomerSooner (308737) | more than 9 years ago | (#11291498)

How do people find this stuff? Amazing. Open source is astounding.

When do I get my kernel update?

Re:How the hell (1)

PornMaster (749461) | more than 9 years ago | (#11291558)

Have you tried

Oh, wait. This is Linux. You'll have to reply to 5-10 questions before we can offer an answer. :)

Re:How the hell (1)

BoomerSooner (308737) | more than 9 years ago | (#11291650)

I meant when. Whoops!

Re:How the hell (3, Funny)

pasde (657790) | more than 9 years ago | (#11291705)

When do I get my kernel update?

No worry. I've already installed it for you.

AHHH (0)

Anonymous Coward | more than 9 years ago | (#11291499)

shutdown -h now

Did Micro$oft buy out Linux? (0)

Anonymous Coward | more than 9 years ago | (#11291503)

earlier story of security flaws in Mozilla, root exploits in Linux?

Must be the work of Mr. Gates

Failed on RHEL (2, Informative)

SuperQ (431) | more than 9 years ago | (#11291504)

I compiled the included code at the end of the advisory; this was the output on RHEL 2.4.21-20

% ./test

[+] SLAB cleanup
child 1 VMAs 65525
child 2 VMAs 65392
[+] moved stack bfff8000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xdf400000 - 0xfe5f2000
Wait... -
[-] FAILED: try again (Cannot allocate memory)

Re:Failed on RHEL (3, Interesting)

ericzundel (524648) | more than 9 years ago | (#11291540)

I tried it on a couple of boxes. It tries to exploit a race condition, so it won't necessarily work all the time. However I have tried it a few dozen times and haven't gotten it to work yet. (One RH 7.3 box and one RH 9.0 box)

Re:Failed on RHEL (5, Interesting)

ericzundel (524648) | more than 9 years ago | (#11291564)

Hmm. right after I posted that, it came through on the RH 9 box:
./elflbl -n2

[+] SLAB cleanup
child 1 VMAs 65527
child 2 VMAs 65527
child 3 VMAs 65527
child 18 VMAs 63322
[+] moved stack bfffb000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xdf800000 - 0xfedbb000
Wait... \
[+] race won maps=49205
expanded VMA (0xbfffc000-0xffffe000)
[!] try to exploit 0xe2d25000
[+] gate modified ( 0xffec903c 0x0804ec00 )
[+] exploited, uid=0


Re:Failed on RHEL (1)

fucksl4shd0t (630000) | more than 9 years ago | (#11291725)

[dave@davefancella Projects]$ gcc -O2 -fomit-frame-pointer elflbl.c -o elflbl
elflbl.c: In function `scan_mm_start':
elflbl.c:425: error: storage size of 'l' isn't known
elflbl.c: In function `check_vma_flags':
elflbl.c:545: error: label at end of compound statement
elflbl.c: In function `scan_mm_start':
elflbl.c:425: error: storage size of `l' isn't known
[dave@davefancella Projects]$ cat /proc/version
Linux version ( (gcc version 3.4.1 (Mandrakelinux (Alpha 3.4.1-3mdk)) #1 Fri Oct 1 12:53:41 CEST 2004

Mandrake 10.1

Re:Failed on RHEL (0)

Anonymous Coward | more than 9 years ago | (#11291673)

try while true ; do ./test -f ; done

and it does not work on 2.6 (never intended)

won't be exploited here! (5, Funny)

Dominatus (796241) | more than 9 years ago | (#11291511)

It's a good thing I've got the patch downloa

Stop posting exploits. (0, Troll)

SlashdotTroll (581611) | more than 9 years ago | (#11291524)

If you want to help Linux' adoption, STOP posting information on the exploits! Learn from Microsoft: hide your rotten eggs on Christmas, to be found on Easter.

Michael, get a clue [] and stop posting this stuff. Some people have pleasure on wreaking havoc on vulnerable computers, and you are no different than a terrorist if you say otherwise.

Re:Stop posting exploits. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11291699)

Troll or not, not posting will just end up with more vulnerable boxes.

Short-term vulnerability in return for media coverage and quick patching, or long-term vulnerability while those "in the know" freely exploit.

Former, please. :)

Luckily... (-1, Offtopic)

slungsolow (722380) | more than 9 years ago | (#11291526)

Linux is awesome


Wow... (1)

binderhead126 (809883) | more than 9 years ago | (#11291530)

Whoever found this must really know what they are looking for. Since it is local though, it just goes to show that strong passwords and encryption are essential, as well as physical box security so Th0Z L33t Hax0RS d0N'T Hax0r yEr B0X0r.

Re:Wow... (1)

BlurredWeasel (723480) | more than 9 years ago | (#11291656)

except you know, when you have users...

Once again... (2, Interesting)

Sheetrock (152993) | more than 9 years ago | (#11291538)

A2M swapping rears its ugly head. This semaphore system has worked well to date, but perhaps should be mandated (i.e. code will not work unless a semaphore is set.)

They've got a pretty good record. Unfortunately, kernel-level stuff is nasty -- how do you fix embedded devices?

Re:Once again... (1)

CharlieHedlin (102121) | more than 9 years ago | (#11291612)

Embedded devices probably aren't much of a concern. Most run everything as root anyways.

Re:Once again... (0)

Anonymous Coward | more than 9 years ago | (#11291715)

Embedded devices probably aren't much of a concern. Most run everything as root anyways.

Having worked on MANY embedded devices, I would like to say that you have no idea what you're talking about. A simple user account, without a login shell, is the norm.

Re:Once again... (2, Insightful)

grub (11606) | more than 9 years ago | (#11291614)

how do you fix embedded devices?

Shouldn't be much of an issue, most embedded devices don't have user accounts.

Embedded devices? (2, Insightful)

rewt66 (738525) | more than 9 years ago | (#11291698)

How do you fix embedded devices? Um... you mean how do you update/patch the code on the embedded device so that a local user can't escalate to root?

First of all, for many embedded devices, this isn't an issue. I mean, if you're an attacker, what are you gonna do once you get root? If the owner can't patch the OS, you probably can't install a rootkit either. Sure, you can DOS it, but if you're physically at the device, you can DOS it just by hitting the power button.

However, manufacturers of all embedded devices (not just Linux-based!) should definitely put a mechanism in place for updating the program code.

My gun is ready. (1)

tirenours (583610) | more than 9 years ago | (#11291549)

I'll shoot anybody who comes 100 meters close to my machine*.

Now, that's security!

* May not be true

Re:My gun is ready. (0, Offtopic)

binner1 (516856) | more than 9 years ago | (#11291720)

How is the post office these days? <grin>


Re:My gun is ready. (1)

lack1uster (627987) | more than 9 years ago | (#11291733)

They can just ssh and exploit. Unplug it until I email you the patch ;).

Funny you should mention... (3, Funny)

Yaa 101 (664725) | more than 9 years ago | (#11291553)

I need no exploit to gain root privileges, I just login...

Re:Funny you should mention... (0)

Anonymous Coward | more than 9 years ago | (#11291581)

Win98, eh? Solid as a rock, I hear.

Re:Funny you should mention... (0)

Anonymous Coward | more than 9 years ago | (#11291603)

You shouldn't be logging in as root, unless you're not very brilliant...

Re:Funny you should mention... (1)

binderhead126 (809883) | more than 9 years ago | (#11291607)

Wow, you mean your normal account is root?!?! You must feel pretty confident that no one will crack your password. Running an account like that in Windows XP is just asking to get digitally raped. Linux may not be crack proof but at least is fairly secure...

Re:Funny you should mention... (1)

garcia (6573) | more than 9 years ago | (#11291660)

Bah, logging in sucks. I just use the sudo hack to gain root access...

garcia@shitbox:~$ sudo su

woot, the hack works like a charm. They should really include the C source for the hack so all the kiddies can use it.

Re:Funny you should mention... (1)

Yaa 101 (664725) | more than 9 years ago | (#11291712)

lol... you are the only one that understands that I have a Linux machine...

The score so far... (1, Insightful)

schmidt349 (690948) | more than 9 years ago | (#11291589)

It's a straight fight so far in the Privilege Escalation match in the past year, so let's look in on our contenders:

Windows (all versions) 100
Linux 1

It looks pretty bad for Linux until you consider that this game is scored like golf, and then it's all tears and jeers in Redmond.

Back to you, Cowboyneal.

(NB. I know there have probably been other Linux kernel exploits, but this is the first in recent memory.)

Typical biased Slashdotter numbers (3, Insightful)

Anonymous Coward | more than 9 years ago | (#11291730)

Right, let's compare the flaw in a single kernel versus the ENTIRE OPERATING SYSTEM of Windows, GUI, shell, and associated apps like Internet Explorer as well as user-ran executable attachments in Outlook, which have nothing to do with Microsoft.

What happened to all the "Linux is just the kernel" stuff? Oh, that's right, we were bashing Microsoft.

Besides, if you mean "past year" as 2005, then this means Linux is first out of the gate.

lets hope no-one discovers (2, Funny)

Anonymous Coward | more than 9 years ago | (#11291594)


Interested (0, Flamebait)

COMON$ (806135) | more than 9 years ago | (#11291597)

I think it would be interesting to see a comparison between the number of linux users and exploits found versus the number of Windows users and exploits found.

It is logical to think that a larger number of users will find a larger number of exploits and bugs. But will the ratio be less for Linux?

I just want to know if we would see more of these posts about linux exploits if linux had a bigger audience.

Re:Interested (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11291631)

It's difficult to compare Windows vs Linux, in a scientific fashion at least:

Do you include the bundled software on your average linux distro...

Kernel to kernel would be interesting.

Re:Interested (1)

gnuLNX (410742) | more than 9 years ago | (#11291688)

I would wager that if the world switched to Linux tomorrow then next week we would see a fairly large number of new exploits. Would it be as many as Windows...or would they be as damaging? I don't know. But I do believe that being open source would allow the said exploits to be fixed within a couple of weeks of discovery and certainly the next kernel release would be much safer. just my guess tho.

This could help (2, Interesting)

datadriven (699893) | more than 9 years ago | (#11291622)

... if I forget my root password.

Local Access is always a trump card (4, Interesting)

Delusional (574271) | more than 9 years ago | (#11291633)

Is there ever a time when you can consider your systems secure against an attacker with physical access?

Re:Local Access is always a trump card (1)

Wyzard (110714) | more than 9 years ago | (#11291701)

"Local exploit" just means you need an account on the system, not physical access. You could log in over a network using SSH or Telnet and exploit this.

Re:Local Access is always a trump card (4, Insightful)

rjstanford (69735) | more than 9 years ago | (#11291721)

Well, yes and no. There's a difference between being vulnerable to those with physical access (pretty much always true, but very limited) and vulnerable to those folks with the ability to run something on your machine locally (fewer than true remote users, but much higher in number than those folk with actual physical access). All you need for this exploit is a way to run unpriv. code on the machine. Note that using a network exploit to run said code is a great way of gaining access - suddenly the fact that your webserver is running as "nobody" doesn't really matter any more.

Groundhog Day! (0)

Anonymous Coward | more than 9 years ago | (#11291649)

Is it just me, or does Linux really have daily exploits in contrast to Mac OS or the BSDs?

makes me chuckle. (0, Troll)

Canuck in Seattle (839246) | more than 9 years ago | (#11291676)

All the Linux zealots vs all the MS zealots. When will everyone realize that humans are inherently flawed beings who produce inherently flawed products, from cars that run using fire and that rust, to operating systems chock full of flaws. Once Linux gains enough momentum and is deployed on a meaningful percentage of business users' desktops, hackers will deem it worthwhile to devote time to exploit it. It's absurd to think that any operating system is so head and shoulders above anything else. It's only a matter of time. Get off your soapboxes. Why is using MS update any different than downloading this new Linux fix? The double standards on display at /. never cease to amaze me. -r sig pending

Local vs. Remote (2, Interesting)

Gherald (682277) | more than 9 years ago | (#11291680)

Obviously it is local if it is exploitable from the console. But can it be exploited remotely through ssh if one already has a user account?

Re:Local vs. Remote (4, Informative)

rewt66 (738525) | more than 9 years ago | (#11291736)

In this context, that's what "local" means: That you have a local account, even if you are accessing it with telnet or ssh.

A "remote" exploit is one that can be used by someone who has a network connection to the machine, but no account on it.

Again? (0)

Anonymous Coward | more than 9 years ago | (#11291681)

Uptime sure ain't no argument when talking about Linux anymore

*patching servers*

Only in select modules? (3, Insightful)

Leadhyena (808566) | more than 9 years ago | (#11291716)

Doesn't this only work if you compile the ELF and a.out support into the kernel, or am I mistaken? If so, it's just yet another reason to be VERY CAREFUL what you enable in the kernel when you compile it, lest you enable something that you don't need and is yet exploitable.

I should mention that enabling ELF format is still highly recommended (after the patch for this is released of course) and unless you do special programming work in linux then enabling a.out format is not recommended.
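The comment above turns on which binary format loaders are compiled into a kernel. As an added example (not part of the original thread or the advisory), this sketch parses kernel config text of the kind found in /boot/config-* and reports which loaders are built; the sample config is constructed, and the function names and the `needed` allow-list are assumptions.

```python
import re

# Binary format loader options: ELF and a.out are the two named in the
# comment above; binfmt_misc is included for completeness.
LOADER_OPTIONS = ("CONFIG_BINFMT_ELF", "CONFIG_BINFMT_AOUT", "CONFIG_BINFMT_MISC")

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_kconfig(text):
    """Return {option: value} for kernel config text.

    Lines of the form '# CONFIG_X is not set' are recorded as 'n';
    every other comment line and blank line is ignored.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def audit_loaders(text, needed=("CONFIG_BINFMT_ELF",)):
    """Classify each loader and flag enabled ones outside `needed` for review.

    Assumption: an option missing from the file is treated as not built.
    """
    opts = parse_kconfig(text)
    report = {}
    for name in LOADER_OPTIONS:
        value = opts.get(name, "n")
        state = {"y": "built-in", "m": "module"}.get(value, "disabled")
        report[name] = {
            "state": state,
            "review": state != "disabled" and name not in needed,
        }
    return report


# Constructed sample, not taken from any real system.
SAMPLE_CONFIG = """\
# constructed sample kernel config
CONFIG_X86=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_AOUT=m
# CONFIG_BINFMT_MISC is not set
"""

if __name__ == "__main__":
    for name, info in audit_loaders(SAMPLE_CONFIG).items():
        flag = "  <- enabled but not listed as needed" if info["review"] else ""
        print(f"{name}: {info['state']}{flag}")
```

A loader built as a module can still be loaded on demand, so the sketch flags it for review the same way as a built-in one.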

making APIs secure takes time (4, Insightful)

jeif1k (809151) | more than 9 years ago | (#11291727)

"uselib" is a Linux-specific extension, and, as a result, has received much less real-world testing than traditional UNIX system calls. Keep in mind that the traditional UNIX system calls have received millions of man-years of real-world testing in large user communities likely to attempt both remote and local exploits. It is not surprising that Linux-specific extensions are at a much greater risk of containing serious security problems.

Distribution restrictions (4, Insightful)

cperciva (102828) | more than 9 years ago | (#11291728)


Is it just me, or is this mind-bogglingly stupid? A security advisory which can't be redistributed freely? Imagine if the same approach was taken to important warnings in the real world -- "There's a tsunami heading towards you... but you're not allowed to redistribute this warning to all the people around you without my permission."

Security advisories should be in the public domain.