In The Middle Of Nowhere

Life, universe and everything...
--
Blog title (C) Orbital

Help prevent kernel and software cracking: reminder

Posted 01-13-2010 at 07:01 AM by Web31337

I've made this post as a reminder that I can link to from the forum.
If you were linked here, you probably had trouble with someone gaining root on your system.

The problem I'm writing this post about is kernel/software cracking.
Many people have had trouble with crackers who gained root on their servers or desktops. Some users had all permissions and privileges set up correctly but still got their kernel BOF'ed and rooted.
For instance, take the most exploitable vulnerability, discovered in summer 2009 in all 2.4 and 2.6 kernels, in sock_sendpage().
I've seen and heard many reports that it is widely used and that many computers have already been cracked with sploits for this vuln, freely available on mw (everyone knows that site).
That time may already have passed, but I guess there are many other undiscovered vulnerabilities in the kernel. Some of them are still kept private (and will be), but that doesn't mean they cannot be exploited.
So what I'm asking of you is to help the investigation in case you had all software (and the kernel) up to date and permissions set correctly, and you still got cracked and rooted.
If you have time and are interested in helping Linux and its users, please provide as much information about your system as possible when asked: logs, process lists, directory listings and file contents. (If you have a private or personal system you may not wish to share its information; that's okay, it's your right to refuse.)
And remember, by doing that you may help discover private vulnerabilities in the kernel or software you used, and so help prevent intrusions into the systems of other users running the same software, in case they are notified about a fix.

If you really want to help, please post a reply in the same thread you were linked here from; don't post it in the comments here. And remember to disconnect your computer from the internet and keep it unchanged: do not remove or add anything without advice. Make backups and leave the system the way it is (if you have another place to work and time to investigate it). Yes, sometimes it is hard, and it's still your right to work on that system, but as you make changes there it becomes harder to understand what happened at the moment the cracker got into your system.

I am not the only one who wants to help you with this, so you don't need to wait for an answer from me personally. Look at what senior members and moderators say, or people who have been "Thanked" many times: they really can help you!

Thank you!
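
One way to gather the logs, process list and directory listings asked for above while leaving the system as it is; this is an added example, not part of the original post. The function name collect_evidence and the output layout are assumptions, it assumes GNU coreutils (sha256sum), and OUTDIR should sit on removable media rather than on the suspect disk.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: collect_evidence OUTDIR LOGDIR [DIR ...]
#   OUTDIR  new directory for the snapshot (ideally on removable media)
#   LOGDIR  directory whose logs are copied, e.g. /var/log
#   DIR     directories to list, e.g. /tmp /root /etc
# Tools on a rooted host may be trojaned: treat the output as leads, not proof.
collect_evidence() (
    out=$1; logdir=$2
    if [ -z "$out" ] || [ -z "$logdir" ]; then
        echo "usage: collect_evidence OUTDIR LOGDIR [DIR ...]" >&2
        exit 2
    fi
    shift 2
    # Never reuse a directory: an earlier snapshot must not be overwritten.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out" >&2
        exit 1
    fi
    umask 077                       # snapshot readable by the collector only
    mkdir -p "$out/logs" || exit 1

    # Collection time (UTC) and running kernel, to line up with log entries.
    { date -u; uname -a; } > "$out/host.txt" 2>&1 || true

    # Process list; if ps is unavailable, fall back to the /proc exe links.
    ps -ef > "$out/processes.txt" 2>&1 ||
        ls -l /proc/[0-9]*/exe > "$out/processes.txt" 2>&1 || true

    # Directory listings, hidden files included, with numeric owners (-n)
    # so the result does not depend on a possibly altered /etc/passwd.
    for d in "$@"; do
        echo "== $d"
        ls -lan "$d" 2>&1 || true
    done > "$out/listings.txt"

    # Copy logs with timestamps and modes preserved (-p).
    cp -Rp "$logdir"/. "$out/logs/" 2> "$out/copy-errors.txt" || true

    # Hash every collected file so copies handed to helpers can be verified
    # later with: cd OUTDIR && sha256sum -c SHA256SUMS
    cd "$out" || exit 1
    find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS
)
```
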
Posted in security