Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
On Tue, 02 Dec 2003, Rick Moen wrote:
> Quoting Micah Anderson (email@example.com):
> > I want to chime in here also, I too was unhappy that I did not know
> > about a local root exploit in 2.4.22 until the Debian machines were
> > compromised in this manner. I think a lot of people were in the same
> > boat (not to mention the debian folks). I watch kerneltrap, kernel
> > traffic, and slashdot fairly regularly for these purposes, and I did
> > not see anything of this sort come through, otherwise I would have
> > patched immediately (which is what I did last night when I received
> > the information).
> > I would like to know how I can be more abreast of future security
> > issues like this if Bugtraq (et. al), kerneltrap, kerneltraffic,
> > slashdot, etc. are not notified to flag this, and kernel.org does not
> > flag this on the website, are we to wait for some high profile exploit
> > to happen again before we are alerted to this problem?
> Well, the kernel.org changelogs _are_ public. Feel free to read them on
> an ongoing basis, and comment on the security implications of bugfixes
> as they're entered into the BitKeeper repository. There are any number
> of mailing lists, Web sites, and magazines that would be delighted to
> publish your analyses and advisories.
My information was flawed, I was told that the kernel developers knew
that this was a security hole back in September. The fact that this
was actually, NOT KNOWN, makes my searches in vain make sense. I see
know from the detailed analysis that just came out:
>The attacker then retrieved the source
>code through HTTP for an (at that time) unknown local kernel exploit
>and gained root permissions via this exploit.
So, hey, my bad.
> Or I guess you could pay someone to do likewise.