HPE Community
Operating System - Linux
1753554 Members
4290 Online
108795 Solutions
New Discussion юеВ

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

 
Dave Falloon
Trusted Contributor

тАО11-17-2003 04:43 AM

тАО11-17-2003 04:43 AM

Linux 2.6 Kernel Backdoor Attempt Thwarted

This is an FYI for anyone that does not read securityfocus.com:

An attempt was made by some unscrupulous character to add a code submission to the kernel source that would allow anyone to gain root access using a combination of flags in the wait4() call.

Heres the link to the full story:

http://www.securityfocus.com/news/7388

Just thought you guys might want to take a look maybe to give you an idea of the next generation of exploits to hit this industry.

Dave
Clothes make the man, Naked people have little to no effect on society
0 Kudos
Reply
5 REPLIES 5
Huc_1
Honored Contributor

тАО11-17-2003 05:05 AM

тАО11-17-2003 05:05 AM

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

thank, Dave

for the "for your info" and a good link !

That should keep-us on or toes !

J-P (0 points for this of course)
Smile I will feel the difference
0 Kudos
Reply
Jerome Henry
Honored Contributor

тАО11-17-2003 07:31 AM

тАО11-17-2003 07:31 AM

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

Tks Dave too !

Funny thing is that on irc channels this flaw was discribed as far less elegant as any KLM rootkit, as it was so visible that any kernel guru or any linuxw kid would see it on first release... rootkits still have happy days !

J
You can lean only on what resists you...
0 Kudos
Reply
Ragu_1
Regular Advisor

тАО11-17-2003 10:41 AM

тАО11-17-2003 10:41 AM

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

The community of free software users' were quick to identify this security breach due to the unfettered access to the source tree. Can anyone guess-estimate the number of backdoors `embedded' in `non-free' software ? Security breaches happen and the free software community did not shy away from full disclosure of `incidents' and saying a big `no' to secrecy. The next line of security breach would be the total erosion of `individual privacy'! Computer security is a process where one learns and becomes better by correcting mistakes with full disclosure and thru the massive amount of collaboration thru the medium of the Internet to find `fixes'.
Share and share alike
0 Kudos
Reply
Dave Falloon
Trusted Contributor

тАО11-17-2003 04:22 PM

тАО11-17-2003 04:22 PM

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

I think the thing that stuck out in my head about this attempt though was its subtle nature. Using what looks like a typo to make a root exploit using a combination of little known flags is pretty cunning. Its almost too bad this person has given in to the dark side. They could probably make some very nice contributions to OSS instead of just being a code thug.

I agree Ragu, open peer review by as many people as possible will keep these flaws from being the door for the next blaster or klez or whatever its going to be. Another thing that helps is public places to voice concerns.

Dave
Clothes make the man, Naked people have little to no effect on society
0 Kudos
Reply
dirk dierickx
Honored Contributor

тАО11-17-2003 06:06 PM

тАО11-17-2003 06:06 PM

Re: Linux 2.6 Kernel Backdoor Attempt Thwarted

This backdoor code was found before it could do any damage. and never got into the main stream kernel.

the checks seem to be doing their job, that made this into a non event.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.