LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 05-20-2013, 03:10 PM   #76
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 806

Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362

Quote:
Originally Posted by gracien View Post
Stable kernel is vulnerable to root exploit CVE-2013-2094 (3.2.29, CONFIG_PERF_EVENTS=y).
What should we do ? Upgrade to current ? Wait for Slack patch ?
Do you have hostile users with shell access on your system? Are they allowed to execute their own binaries?
 
Old 05-20-2013, 05:17 PM   #77
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 314

Rep: Reputation: 77
Well, this is still a big issue.
I suggest you to open a thread about that.
(I remeber a post of pat saying it was disabled but I can't find it)

Last edited by Celyr; 05-20-2013 at 05:18 PM.
 
Old 05-20-2013, 05:40 PM   #78
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 874

Rep: Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813
Quote:
Originally Posted by Celyr View Post
Well, this is still a big issue.
I suggest you to open a thread about that.
(I remeber a post of pat saying it was disabled but I can't find it)
PERF_EVENTS isn't disabled, and I don't think I said that it was. Also, the KPROBES framework used for the hotfix is *not* enabled (honestly, this seemed a little too convenient for use by a rootkit), so the hotfix doesn't work on 13.37 or 14.0.

In any case, new kernels are up now for 13.37 and 14.0, and an advisory just went out. I was never able to get a root shell out of the exploit, but I was able to crash the machine and that was bad enough. Go get 'em if you need to.

Last edited by volkerdi; 05-20-2013 at 05:40 PM. Reason: typo
 
3 members found this post helpful.
Old 05-20-2013, 06:09 PM   #79
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 806

Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362
Quote:
Originally Posted by volkerdi View Post
In any case, new kernels are up now for 13.37 and 14.0, and an advisory just went out.
Is it intended that there are new kernel-headers packages? I've heard that one should always have the public kernel headers installed which were used to build glibc or otherwise stuff breaks.

Last edited by jtsn; 05-20-2013 at 06:25 PM. Reason: wording clarified
 
Old 05-20-2013, 08:42 PM   #80
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 874

Rep: Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813
Quote:
Originally Posted by jtsn View Post
Is it intended that there are new kernel-headers packages? I've heard that one should always have the public kernel headers installed which were used to build glibc or otherwise stuff breaks.
The contents of the kernel-headers package for 13.37 should be identical since the kernel version did not change. In the case of the 3.2.45 kernel-headers package for 14.0, it very likely doesn't matter if that package is upgraded or not. I've never seen anything break from header changes within a stable kernel series. Actually, I don't think I've ever seen anything break due to a kernel-headers/glibc mismatch at all.
 
2 members found this post helpful.
Old 05-21-2013, 12:01 AM   #81
chytraeus
Member
 
Registered: Dec 2008
Distribution: slackware64 openbsd
Posts: 75

Rep: Reputation: 2
Quote:
Originally Posted by willysr View Post
yes, it should work as well
okay, great, thanks
 
Old 05-21-2013, 12:13 AM   #82
Poprocks
Member
 
Registered: Sep 2003
Location: Toronto, Canada
Distribution: Slackware
Posts: 198

Rep: Reputation: 30
I couldn't get the exploit to work on either of my 14.0 machines (both running 32-bit Slackware, 3.2.29). Machines didn't crash either.

Is there anyone out there that *was* able to get a root prompt?
 
Old 05-21-2013, 12:18 AM   #83
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 874

Rep: Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813
Quote:
Originally Posted by Poprocks View Post
I couldn't get the exploit to work on either of my 14.0 machines (both running 32-bit Slackware, 3.2.29). Machines didn't crash either.
If you want to see the crash, compile the exploit with -O2.

Quote:
Is there anyone out there that *was* able to get a root prompt?
I'm curious about that myself. I do suspect that it is possible with the kernels 13.37 and 14.0 shipped with, but perhaps not without a bit of adjustment to the exploit.
 
Old 05-21-2013, 03:13 AM   #84
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Here's what I get:

Code:
bash-4.2$ compile semtex.c 
bash-4.2$ ./semtex 
semtex: semtex.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
bash-4.2$ uname -r
3.4.46
I got this with kernels 3.4.45 as well.
 
Old 05-21-2013, 03:25 AM   #85
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 874

Rep: Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813
Quote:
Originally Posted by H_TeXMeX_H View Post
Here's what I get:

Code:
bash-4.2$ compile semtex.c 
bash-4.2$ ./semtex 
semtex: semtex.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
bash-4.2$ uname -r
3.4.46
I got this with kernels 3.4.45 as well.
3.4.45 (and, of course, 3.4.46) are patched against this bug. The patch went into the stable kernels sometime last month before they realized it was a security fix. I'm not sure which versions were the first to get the patch, but it's been in the stable kernels for at least a few revisions before the most recent ones.
 
2 members found this post helpful.
Old 05-21-2013, 04:36 AM   #86
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Well, I like to keep my kernel up to date.
 
Old 05-21-2013, 02:10 PM   #87
Martinus2u
Member
 
Registered: Apr 2010
Distribution: Slackware
Posts: 345

Rep: Reputation: 56
Quote:
Originally Posted by volkerdi View Post
3.4.45 (and, of course, 3.4.46) are patched against this bug. The patch went into the stable kernels sometime last month before they realized it was a security fix. I'm not sure which versions were the first to get the patch, but it's been in the stable kernels for at least a few revisions before the most recent ones.
I hear what you're saying, but this is unusual as the standard procedure for stable kernel patches is "mainline first".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Kernel 3.7.1 keyboard's dead RoyBatty100 Slackware 2 03-06-2013 11:41 PM
LXer: Openmoko Gets New Life in Brazil After Being Declared Dead LXer Syndicated Linux News 0 07-14-2009 09:30 AM
Dead kernel link B4lulu Linux - Newbie 4 08-28-2007 10:30 PM
Kernel updated, now Internet dead dmorrell Linux - Networking 1 04-26-2006 03:40 AM
keyboard dead with kernel 2.6.4 matrixfx Linux - Hardware 2 03-26-2004 10:06 PM


All times are GMT -5. The time now is 01:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration