[SOLVED] Any guy able to exploit a Wordpress, Joomla, Drupal from a Slackware Server can get easily root access. How do you comment, Mr. Volkerding?

Darth Vader · 10-24-2016, 11:08 AM

You know, is all about the Dirty COW...

All the Slackware versions released on the last nine years looks like are affected, and the Internet is full of easy rooting solutions based on this Kernel flaw, fixed only since 4.4.26 and similar versions.

How do you comment, Mr. Volkerding?

anscal · 10-24-2016, 11:17 AM

How do you know Mr. Volkerding won't issue a patch?

And why did you omit the fact that all linux distributions were affected?

Darth Vader · 10-24-2016, 11:25 AM

Quote:

Originally Posted by anscal

How do you know Mr. Volkerding won't issue a patch?

I do not question that. The question is WHEN?

Meantime, the Slackware servers are at mercy of whatever illustrious unknown haxxors, because Mr. Linus Torvalds hidden the dirt under table for nine years...

Quote:

Originally Posted by anscal

And why did you omit the fact that all linux distributions were affected?

I can't blame Mr. Volkerding about what happen on the SuSE Enterprise Linux, right?

jpollard · 10-24-2016, 11:45 AM

The patch was released several days ago, and has nothing to do with Slackware.

You have the ability to replace your kernel anytime you want.

jpollard · 10-24-2016, 11:48 AM

Quote:

Originally Posted by Darth Vader

I do not question that. The question is WHEN?

The kernel was patched several days ago (at least a week now)

Quote:

Meantime, the Slackware servers are at mercy of whatever illustrious unknown haxxors, because Mr. Linus Torvalds hidden the dirt under table for nine years...

You can update your kernel any time you want.

Quote:

I can't blame Mr. Volkerding about what happen on the SuSE Enterprise Linux, right?

No, but it sure looks like you are trying to.

number22 · 10-24-2016, 11:48 AM

Danger is real but fear is a choice, you can patch it yourself, stop whining.
Clearly you don't understand software; and general computer business model.

anscal · 10-24-2016, 11:50 AM

And you are prevented from compiling a new kernel by exactly what? Compiling a new kernel is standard practice for slackware machines. You know, slackware uses an unpatched kernel.org kernel and Mr. Volkerding has graciuosly provided a .config for you...

Skaendo · 10-24-2016, 12:02 PM

Quote:

Originally Posted by Darth Vader

You know, is all about the Dirty COW...

All the Slackware versions released on the last nine years looks like are affected, and the Internet is full of easy rooting solutions based on this Kernel flaw, fixed only since 4.4.26 and similar versions.

How you comment, Mr. Volkerding?

You know that there are other operating systems out there you can use if you don't like the way Slackware is maintained. Maybe you haven't noticed, but it was Pat's birthday the other day and maybe he is taking a few well deserved days off. I would suggest that you find a different OS, because you clearly don't like how this one is ran. Maybe Ubuntu or Debian is more to your taste.

e5150 · 10-24-2016, 12:24 PM

This sort of thing is the reason I don't outright recommend slackware, even though it's the only distribution I'd use myself for my main OS. I couldn't tell my arch-using brother to switch over if I'd have to add the caveat “Oh, and by the way, don't expect security patches in a timely manner, you'll have to check forums and the obfuscated kernel changelog and fix those things yourself”. As much as I want to view slackware as a system that you set-it-up-once-and-forget-about-it, it ain't, not until security updates are consistently provided. Preferably with a delay inversly correlated to the severity of the issue.

justwantin · 10-24-2016, 12:26 PM

Quote:

How you comment, Mr. Volkerding?

I'm taking a guess that English is not your first language. That should have been "How do you comment ...." Perhaps you may also be uninformed about the difference between polite and informed questions and to arrogant demands.

ponce · 10-24-2016, 12:32 PM

you should also patch joomla, wordpress and joomla to their latest versions in the first place to avoid issues (and their extensions/plugins and php and apache and so on...).

if you do this for work and not as an hobby it's your daily job to be sure everything is ok, kernel included and not anybody else's.

EDIT: well, thinking about it again, also if you do it as an hobby.

Darth Vader · 10-24-2016, 12:54 PM

Quote:

Originally Posted by justwantin

I'm taking a guess that English is not your first language. That should have been "How do you comment ...." Perhaps you may also be uninformed about the difference between polite and informed questions and to arrogant demands.

Thanks for your notes, I'm not a native English speaker, BTW.

Darth Vader · 10-24-2016, 12:58 PM

Quote:

Originally Posted by anscal

And you are prevented from compiling a new kernel by exactly what? Compiling a new kernel is standard practice for slackware machines. You know, slackware uses an unpatched kernel.org kernel and Mr. Volkerding has graciuosly provided a .config for you...

Nothing stop me to compile a kernel as I like, and I believe that I have some experience on that after all those years.

Sadly, not all servers using Slackware are mine. So, more than probably there are thousands administrators expecting official security patches. Because this way are done the things, you know...

dugan · 10-24-2016, 01:02 PM

We already have a Dirty cow kernel exploit thread.

Darth Vader · 10-24-2016, 01:04 PM

Quote:

Originally Posted by number22

Danger is real but fear is a choice, you can patch it yourself, stop whining.

I do not whining. I just point to a Linus Torvalds failtrocity which affect hypothetically any Slackware server on use, while Slackware does NOT released YET a security patch, after a whole week.

Quote:

Originally Posted by number22

Clearly you don't understand software; and general computer business model.

I agree, I have only 20 years on this domain and every one have to learn until retirement. Tell me more, Teacher!