LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 10-21-2016, 11:40 AM   #1
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,430

Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Dirty cow kernel exploit


Reading about this today. I'm guessing we'll have a patch for this kernel exploit in the near future. Are we vulnerable to this?

http://www.theregister.co.uk/2016/10...calation_hole/
 
Old 10-21-2016, 12:49 PM   #2
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,067

Rep: Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218
Yes, I think it's safe to assume that if you're using one of the currently shipping slackware kernels you're vulnerable. This thing sounds like it's been lurking in the kernel for the best part of a decade.

The fix is included in the latest kernel.org releases (though judging by some of the comments in the lwn thread it looks like they tried to slip it in under the radar, which is not at-all good!):
http://lwn.net/Articles/704078/


I don't use Pat's kernels, and have already updated to 4.8.3 because of this.

Last edited by GazL; 10-22-2016 at 05:48 AM.
 
3 members found this post helpful.
Old 10-21-2016, 01:27 PM   #3
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,430

Original Poster
Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Thumbs up

Quote:
Originally Posted by GazL View Post
Yes, I think it's safe to assume that if you're using one of the currently shipping slackware kernels you're vulnerable.
Thanks mate! I'll be booting into my BSD partition until this is dealt with.
 
Old 10-21-2016, 02:02 PM   #4
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 809
Blog Entries: 1

Rep: Reputation: 404Reputation: 404Reputation: 404Reputation: 404Reputation: 404
From what I have seen, this is a local exploit. Am I wrong ?

Granted it is serious, but for workstation use I would say nothing to worry about if you trust your users (or yourself if single user )

John
 
3 members found this post helpful.
Old 10-21-2016, 03:23 PM   #5
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,067

Rep: Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218Reputation: 5218
The concern is that an exploit for this vulnerability may be included in the payload of an unrelated web-browser, media player, java, flashplayer, pdf-reader, etc. exploit. The upshot being that until this is patched you're effectively flying without your usual "Well, at least I'm not root" safety-net.
 
5 members found this post helpful.
Old 10-21-2016, 05:08 PM   #6
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,430

Original Poster
Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Quote:
Originally Posted by GazL View Post
The concern is that an exploit for this vulnerability may be included in the payload of an unrelated web-browser, media player, java, flashplayer, pdf-reader, etc. exploit. The upshot being that until this is patched you're effectively flying without your usual "Well, at least I'm not root" safety-net.
Thanks for the clarification.
 
1 members found this post helpful.
Old 10-21-2016, 06:23 PM   #7
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 3,716
Blog Entries: 3

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
The only people that know or known about that exploit are the people that test against it. Those people are part of the kernel team look it up.
so this is why linus never talks about these problems. Why should his best hackers work for him. relax. Let the cow come home.
 
2 members found this post helpful.
Old 10-21-2016, 07:25 PM   #8
Contrak
LQ Newbie
 
Registered: Mar 2014
Posts: 26

Rep: Reputation: Disabled
Quote:
Originally Posted by Drakeo View Post
The only people that know or known about that exploit are the people that test against it. Those people are part of the kernel team look it up.
so this is why linus never talks about these problems. Why should his best hackers work for him. relax. Let the cow come home.
There's probably more problems in the linux kernel than we want to know. They said this exploit has been in the linux kernel for the past 9 years.
 
1 members found this post helpful.
Old 10-21-2016, 07:27 PM   #9
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,430

Original Poster
Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Quote:
Originally Posted by Drakeo View Post
relax. Let the cow come home.
Thanks for your concern. I'm okay.
 
1 members found this post helpful.
Old 10-21-2016, 08:45 PM   #10
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: McKinney, Texas
Distribution: Slackware64 15.0
Posts: 3,860

Rep: Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229
According to the initial article, if /proc/self/mem is writable then you can be exploited.
 
Old 10-21-2016, 08:55 PM   #11
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 3,716
Blog Entries: 3

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
"how do you write to mem" According to the initial article, if /proc/self/mem is writable then you can be exploited. Let me explain how to write to mem. you must be 0. That means sitting at your computer. Buffer over flow oh you think that is happening mmmmm chew on some grass look at the code it is open. if you use ubuntu better watch out. sheep chewing.
 
Old 10-21-2016, 09:10 PM   #12
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,430

Original Poster
Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Quote:
Originally Posted by Drakeo View Post
if you use ubuntu better watch out. sheep chewing.
Ubuntu has offered a patch for the vulnerability.
 
Old 10-21-2016, 09:21 PM   #13
STDOUBT
Member
 
Registered: May 2010
Location: Stumptown
Distribution: Slackware64
Posts: 583

Rep: Reputation: 242Reputation: 242Reputation: 242
Quote:
Originally Posted by Drakeo View Post
"how do you write to mem" According to the initial article, if /proc/self/mem is writable then you can be exploited. Let me explain how to write to mem. you must be 0. That means sitting at your computer. Buffer over flow oh you think that is happening mmmmm chew on some grass look at the code it is open. if you use ubuntu better watch out. sheep chewing.
Is that supposed to be a poem? Are we not all sheep for continuing to use The Torvalds kernel? How many of these are lurking in the deep? Answer: we may never know thanks to his design philosophy.
 
1 members found this post helpful.
Old 10-21-2016, 10:15 PM   #14
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: McKinney, Texas
Distribution: Slackware64 15.0
Posts: 3,860

Rep: Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229
Quote:
Originally Posted by Drakeo View Post
"how do you write to mem" According to the initial article, if /proc/self/mem is writable then you can be exploited. Let me explain how to write to mem. you must be 0. That means sitting at your computer. Buffer over flow oh you think that is happening mmmmm chew on some grass look at the code it is open. if you use ubuntu better watch out. sheep chewing.
The article described the exploit rather well.

Unlike your comment.
 
1 members found this post helpful.
Old 10-22-2016, 01:13 AM   #15
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247
The Dirty COW shit was cleaned up on 4.4.26.

Upgrade yourself to, or come all of yours with loaded guns on Pat's virtual porch, to ask him to be kind do it.

Last edited by Darth Vader; 10-22-2016 at 01:15 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux Kernels 4.8.3, 4.7.9 & 4.4.26 LTS Out to Patch "Dirty COW" Security Flaw LXer Syndicated Linux News 0 10-21-2016 03:51 AM
what is dirty kernel version linux_newbie79 Linux - Newbie 2 03-25-2010 04:22 AM
Kernel Exploit Upgrade tronayne Slackware 5 02-13-2008 11:23 AM
Root exploit on 2.6.10. Kernel Anilraut Linux - Security 3 09-21-2006 03:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration