[SOLVED] Any guy able to exploit a Wordpress, Joomla, Drupal from a Slackware Server can get easily root access. How do you comment, Mr. Volkerding?
You know, it is all about the Dirty COW...
All the Slackware versions released in the last nine years look like they are affected, and the Internet is full of easy rooting solutions based on this kernel flaw, fixed only since 4.4.26 and similar versions.
How do you comment, Mr. Volkerding?
Last edited by Darth Vader; 10-24-2016 at 12:53 PM.
How do you know Mr. Volkerding won't issue a patch?
I do not question that. The question is WHEN?
Meantime, the Slackware servers are at the mercy of whatever illustrious unknown haxxors, because Mr. Linus Torvalds hid the dirt under the table for nine years...
Quote:
Originally Posted by anscal
And why did you omit the fact that all linux distributions were affected?
I can't blame Mr. Volkerding for what happens on SuSE Enterprise Linux, right?
Last edited by Darth Vader; 10-24-2016 at 11:27 AM.
The kernel was patched several days ago (at least a week now)
Quote:
Meantime, the Slackware servers are at the mercy of whatever illustrious unknown haxxors, because Mr. Linus Torvalds hid the dirt under the table for nine years...
You can update your kernel any time you want.
Quote:
I can't blame Mr. Volkerding for what happens on SuSE Enterprise Linux, right?
Danger is real but fear is a choice, you can patch it yourself, stop whining.
Clearly you don't understand software; and general computer business model.
And you are prevented from compiling a new kernel by exactly what? Compiling a new kernel is standard practice for slackware machines. You know, slackware uses an unpatched kernel.org kernel and Mr. Volkerding has graciously provided a .config for you...
All the Slackware versions released in the last nine years look like they are affected, and the Internet is full of easy rooting solutions based on this kernel flaw, fixed only since 4.4.26 and similar versions.
How you comment, Mr. Volkerding?
You know that there are other operating systems out there you can use if you don't like the way Slackware is maintained. Maybe you haven't noticed, but it was Pat's birthday the other day and maybe he is taking a few well deserved days off. I would suggest that you find a different OS, because you clearly don't like how this one is run. Maybe Ubuntu or Debian is more to your taste.
This sort of thing is the reason I don't outright recommend slackware, even though it's the only distribution I'd use myself for my main OS. I couldn't tell my arch-using brother to switch over if I'd have to add the caveat “Oh, and by the way, don't expect security patches in a timely manner, you'll have to check forums and the obfuscated kernel changelog and fix those things yourself”. As much as I want to view slackware as a system that you set-it-up-once-and-forget-about-it, it ain't, not until security updates are consistently provided. Preferably with a delay inversely correlated to the severity of the issue.
I'm taking a guess that English is not your first language. That should have been "How do you comment ...." Perhaps you may also be uninformed about the difference between polite and informed questions and arrogant demands.
you should also patch joomla, wordpress and joomla to their latest versions in the first place to avoid issues (and their extensions/plugins and php and apache and so on...).
if you do this for work and not as a hobby it's your daily job to be sure everything is ok, kernel included and not anybody else's.
EDIT: well, thinking about it again, also if you do it as a hobby.
I'm taking a guess that English is not your first language. That should have been "How do you comment ...." Perhaps you may also be uninformed about the difference between polite and informed questions and arrogant demands.
Thanks for your notes, I'm not a native English speaker, BTW.
And you are prevented from compiling a new kernel by exactly what? Compiling a new kernel is standard practice for slackware machines. You know, slackware uses an unpatched kernel.org kernel and Mr. Volkerding has graciously provided a .config for you...
Nothing stops me from compiling a kernel as I like, and I believe that I have some experience with that after all those years.
Sadly, not all servers using Slackware are mine. So, more than probably there are thousands of administrators expecting official security patches. Because this is the way things are done, you know...
Last edited by Darth Vader; 10-30-2016 at 07:28 AM.
Danger is real but fear is a choice, you can patch it yourself, stop whining.
I am not whining. I am just pointing to a Linus Torvalds failtrocity which hypothetically affects any Slackware server in use, while Slackware has NOT YET released a security patch, after a whole week.
Quote:
Originally Posted by number22
Clearly you don't understand software; and general computer business model.
I agree, I have only 20 years in this domain and everyone has to learn until retirement. Tell me more, Teacher!
Last edited by Darth Vader; 10-30-2016 at 07:27 AM.