LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   The Evil Code (https://www.linuxquestions.org/questions/linux-security-4/the-evil-code-194181/)

ldp 06-16-2004 09:29 AM
The Evil Code
 
The Evil Code

Just read the following:
http://linuxreviews.org/news/2004-06...ash/index.html

If I understand correctly then kernel 2.6.7 should be safe?
******************************************************
...
Patch for 2.6.xx Kernels, x86 and x86_64

Linux kernel 2.6.7 is now released. (2004-06-16 06:02 UTC)

* Changelog : ChangeLog-2.6.7

This version is, ofcource, safe.

Older versions of the 2.6.x should be patched:
...
*******************************************************

I didn't find this already in a post.
It would be nice if somebody can confirm that 2.6.7 is safe, then I'll pass on to upgrading my kernel. (I'm still using 2.4.22-xfs so I was considering an upgrade anyway.)

Thanks for any advice.

rgds,
Lieven

unSpawn 06-16-2004 04:43 PM
Dunno if 2.6.7 is safe. Please try it out and report back. Thanks for warning. I put it on the homepage and I'll sticky this thread under an appropriate header. For those who can't upgrade immediately I suggest disabling any user access to introduce/make/execute foreign binaries on vulnerable systems.

ldp 06-16-2004 05:10 PM
hello again,

I'm a little bit reluctant to go experimenting with upgrading a kernel on my linux fw/rtr at this point as it is crucial for my internet connection. I'm relatively new to that altough I found a good howto on upgrading kernels. (http://linuxreviews.org//howtos/Kernel-Build-HOWTO/)
Problem is that this fw/rtr linux box is an old AMD-K6II 300MHz with only 96MB ram and I read that it might take a very long time to compile the kernel on that machine. (+/- 4 hours?)

I prefer to setup a fresh linux distro on my work pc. (an AMD 2400XP 1GB ram) and compile the new kernel there and then move it to the old box

But currently I'm experiencing some troubles installing a double boot system on the new pc. It has a sata drive and an older ide drive. Lilo is giving me a headache and doesn't show up to give me the choice to start the linux. It seems that I'm unable to write lilo to MBR of this sata drive.
(http://www.linuxquestions.org/questi...hreadid=194293)
=> I'm working to get that fixed asap.

As soon as I have the dual boot fixed, I'll compile and install the new kernel so I can test if it's resistant to this bug.

Sorry for this delay.

Kind regards,
Lieven

MS3FGX 06-16-2004 08:41 PM
Yes, 2.6.7 is immune from this problem.

Linus fixed it in his own source tree a few days ago and was only delayed in releasing it because he was moving.

ldp 06-17-2004 02:13 AM
thank you! :)

henryg 06-17-2004 11:44 AM
I wonder if there is a fix too for the :() { :|: & } ; : bug
just wondering as it doesn't even need compiling

TAAN 11-05-2004 02:16 PM
i don't think kernel 2..7 is safe......do you read the code???

/* --------------------
* frstor Local Kernel exploit
* Crashes any kernel from 2.4.18
* to 2.6.7 because frstor in assembler
* inline offsets in memory by 4.
* Original proof of concept code
* by stian_@_nixia.no.
* Added some stuff by lorenzo_@_gnu.org
* and fixed the fsave line with (*fpubuf).
* --------------------
*/

this is the head of the code....

this is the link to the code




here


All times are GMT -5. The time now is 02:09 AM.