SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I was just reading about this and apparently it has something to do with vmsplice. Some have suggested that you recompile the kernel without it. Does anyone know where the kernel option is? Does this issue even affect Slackware? Should I even worry about this? I would appreciate it if someone smarter than I could tell me if I should even care about this.
Do you have more than one person using your machine? Will this person do something nasty and ry to get root access to do damage or change stuff?
Its a LOCAL root exploit not a remote exploit, so its local you have to worry about. and its kernel versions between 2.6.17 and 2.6.24.1 If you haven't got one of those kernels you've got nothing to worry about ( do a uname -r to find out the version ).
Plus so far we have a proof of concept, nothings been seen in the wild to expoit this... yet.
2.6.24.2 has been released to fix this
here's the changelog
Code:
commit 1617e66d11d6621824f642728d62f242272fd063
Author: Bastian Blank <bastian@waldi.eu.org>
Date: Sun Feb 10 16:47:57 2008 +0200
splice: fix user pointer access in get_iovec_page_array()
patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline.
Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.
But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.
..there is no way to disable vmsplice in your .config .You can disable it quite easily by modifying the kernel source, open fs/splice.c, search for sys_vmsplice() and then make the following modification to the function
Do you have more than one person using your machine? Will this person do something nasty and ry to get root access to do damage or change stuff?
Its a LOCAL root exploit not a remote exploit, so its local you have to worry about. and its kernel versions between 2.6.17 and 2.6.24.1 If you haven't got one of those kernels you've got nothing to worry about ( do a uname -r to find out the version ).
Plus so far we have a proof of concept, nothings been seen in the wild to expoit this... yet.
Most of us who comes to forum for help probably would be using Linux for personnal use, so this exploit shouldn't worry us much.
However, if any experts around here can help to do a simple step by step howto to :
1. test out the exploit and
2. patch the affected kernel
it would really be a great learning exercise and definitely benefit a lot of forumers here
Yea, it works. I don't see the point tho seeing as how there are more obvious ways to gain root access if your sitting at someones computer. That's definately quicker tho...
For a lot of Slackware users that use the stock kernels, they can just install the newest package for their kernel and they don't need to patch anything.
See this other related thread for more information about all of this.
For a lot of Slackware users that use the stock kernels, they can just install the newest package for their kernel and they don't need to patch anything.
Yeah, that's what I did. Here's a quote from the installation instructions from the slackware security e-mail.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
