
Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory



I want to chime in here also, I too was unhappy that I did not know
about a local root exploit in 2.4.22 until the Debian machines were
compromised in this manner. I think a lot of people were in the same
boat (not to mention the Debian folks). I watch kerneltrap, kernel
traffic, and slashdot fairly regularly for these purposes, and I did
not see anything of this sort come through, otherwise I would have
patched immediately (which is what I did last night when I received
the information).

Previous kernel security holes have been treated with a lot more
"transparency" and communication than this one was, and I am disappointed
that this one wasn't. I understand that the "transfer of the guard"
was going on between 2.4.22 and 2.4.23 to a new maintainer, which
might have caused this. This is not a Debian problem, IMHO, but a
kernel development issue, and I would like to know how I can be more
abreast of future security issues like this. If Bugtraq (et al.), kerneltrap,
kerneltraffic, slashdot, etc. are not notified to flag this, and
kernel.org does not flag this on the website, are we to wait for some
high profile exploit to happen again before we are alerted to this
problem?

Unfortunately, complaining about it here isn't going to help, but I
solicit others' comprehension of the matter to better identify the
best way to address this problem. Should something be sent to the
linux-kernel development list from "A group of concerned Debian users"
or should we individually troll the list complaining about this and
not doing anything? ;)

micah


On Tue, 02 Dec 2003, Adam ENDRODI wrote:

> 
> Just a humble question: how should the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk have
> known about the bug?  The changelog read ``Add TASK_SIZE check to
> do_brk()'', there's no indication that it's a security fix.
> 
> I'm really curious how you cope with it.
> 
> bit,
> adam
> 
> -- 
> Am I a cleric?     | 1024D/37B8D989
> Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
> Unbeliever?        | 82DD 54C2 843D 37B8 D989
> Renegade?          | http://www.keyserver.net
> 
> 
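The changelog line quoted above, ``Add TASK_SIZE check to do_brk()'', is the whole of what a reader had to go on. As an added illustration (not code from the thread, the kernel, or Debian), the following user-space model shows the kind of check that wording describes: a request for an address range is accepted only if it lies entirely below the user/kernel boundary and the end-address arithmetic cannot wrap. The limit value, the page size and the function name `brk_request_ok` are constructed for the example, not real architecture constants or kernel APIs, and the model generalises slightly beyond the one-line changelog by also rejecting unaligned and wrapping requests.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of an address-space limit in the spirit of the
 * kernel's TASK_SIZE: user mappings must lie entirely below it.
 * The value is an illustrative constant, not a real architecture's. */
#define MODEL_TASK_SIZE 0xC0000000UL

/* Page granularity for the model; lengths are rounded up to pages. */
#define MODEL_PAGE_SIZE 4096UL

/* Decide whether a brk-style request for [addr, addr+len) may be
 * honoured. Rejects: unaligned start, length that overflows when
 * rounded, end address that wraps past the top of the address space,
 * and any range reaching above the user/kernel limit. A zero-length
 * request is a harmless no-op and is accepted. */
bool brk_request_ok(unsigned long addr, unsigned long len)
{
    if (len == 0)
        return true;                      /* nothing to map */

    if (addr & (MODEL_PAGE_SIZE - 1))
        return false;                     /* start must be page-aligned */

    /* Round the length up to a page multiple, detecting overflow. */
    unsigned long rounded = (len + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1);
    if (rounded < len)
        return false;                     /* rounding wrapped around */

    /* Compute the end address without letting addr + rounded wrap. */
    if (addr > ULONG_MAX - rounded)
        return false;                     /* end address would wrap */
    unsigned long end = addr + rounded;

    /* The whole range must stay within user space. */
    if (end > MODEL_TASK_SIZE)
        return false;

    return true;
}

int main(void)
{
    /* Constructed sample requests: typical heap growth, a range that
     * ends exactly at the limit, one that crosses it, and one that wraps. */
    printf("heap growth ok:   %d\n", brk_request_ok(0x08048000UL, 4096UL));
    printf("ends at limit:    %d\n", brk_request_ok(0xBFFFF000UL, 4096UL));
    printf("crosses limit:    %d\n", brk_request_ok(0xBFFFF000UL, 8192UL));
    printf("wraps around:     %d\n", brk_request_ok(ULONG_MAX - 4095UL, 8192UL));
    return 0;
}
```

The point for a reader of the changelog is that a one-line bounds check of this shape is exactly what separates "userland can access kernel memory" from a harmless refusal, which is why a commit message that only names the check, without saying what it prevents, gave no signal of its severity.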
