[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

Quoting Adam ENDRODI (borso@vekoll.saturnus.vein.hu):

> Just a humble question: how the average user who doesn't use the
> kernel sources provided by Debian and cannot follow lk should have
> known about the bug?  The changelog read ``Add TASK_SIZE check to
> do_brk()'', there's no indication that it's a security fix.
> I'm really curious how you cope with it.

Oh, it gets worse than that.  In this case, at least Andrew Morton
noticed the memory-management bug (September), and Marcelo sent in a
patch (2003-10-02).  Sure, nobody (except a black hat) realised the 
security implications, but at least a patch existed.  You also have to
worry about bugs that _only_ black hats have discovered and that they've
figured out how to exploit.[1]

That's part of why klecker, murphy, and gluck were running AIDE.  Also, 
sysadmins were alert enough to notice master and murphy showing
suspciously similar kernel-oops symptoms.  

So, there you have two of the ways that people cope:  (1) Attentive
sysadmins, and (2) well-configured and monitored IDSes.

[1] Not to mention use of security tokens stolen from compromised 
remote systems:
See also Wichert's very canny list of recommendations at the bottom of 

Cheers,           find / -user your -name base -print | xargs chown us:us
Rick Moen

Reply to: