[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??

>>>>> "Dave" == Dave  <dmq@gci-net.com> writes:

    Dave> Seems like the critical link to be fixed is the vulnerability of
    Dave> daemons that run with root privilege and receive input from users.

No.  The kernel itself has bug.  The "user" (attacker) is running *perfectly
legitimate* system calls (brk(), the call that will be made when you
malloc()) from a rather strange but allowed executable file (that have the
code segment moved to the end of address space).  And then, due to the
kernel bug, the user can write into arbitrary location in the kernel, do
whatever he wants.  So here the problem is the kernel---the ultimate source
of permission that you have on the computer.  If the kernel is buggy, there
is really little that you can do to be protected from being harmed---except
of course to have a network of mutually distrusting servers with completely
different passwords, keys, etc.


Reply to: