Story at
http://www.h-online.com/security/news/item/Hole-in-Linux-kernel-provides-root-rights-Update-1081317.html

There is a link to exploit code at:
http://sota.gen.nz/compat2/robert_you_suck.c

I compiled this, ran it and got a root shell. I am running:
kernel-2.6.34.6-54.fc13.x86_64


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Further story:
http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/

This is a very serious problem which puts multiuser 64-bit Linux systems
absolutely at the mercy of their least responsible users.

I have filed a bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=635675
Priority should be high not low.





--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On Mon, Sep 20, 2010 at 10:13 AM, Zbigniew Fiedorowicz
<fiedorow@math.ohio-state.edu> wrote:
> Further story:
> http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
>
> This is a very serious problem which puts multiuser 64-bit Linux systems
> absolutely at the mercy of their least responsible users.
>
> I have filed a bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=635675
> Priority should be high not low.
>

There was already a bugzilla for this.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On 09/20/2010 05:06 AM, fiedorow@math.ohio-state.edu wrote:
> Story at
> http://www.h-online.com/security/news/item/Hole-in-Linux-kernel-provides-root-rights-Update-1081317.html
>
> There is a link to exploit code at:
> http://sota.gen.nz/compat2/robert_you_suck.c
>
> I compiled this, ran it and got a root shell. I am running:
> kernel-2.6.34.6-54.fc13.x86_64
>
>

What is ORIG_RAX in the code?
It is undefined! Explain how you could have possibly compiled it let
alone run it.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On 09/20/2010 04:06 PM, JD wrote:
> What is ORIG_RAX in the code?
> It is undefined! Explain how you could have possibly compiled it let
> alone run it.

It's an index into an array of 8-byte register values returned by the
ptrace API. It's defined in sys/reg.h:

$ grep ORIG_RAX /usr/include/sys/reg.h
# define ORIG_RAX 15

And this header is included in the code:
$ grep 'sys/reg.h' /tmp/robert_you_suck.c
#include <sys/reg.h>

Regards,
Bryn.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

> Explain how you could have possibly compiled it let
> alone run it.

Please don't.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

fiedorow@math.ohio-state.edu wrote:
> I compiled this, ran it and got a root shell. I am running:
> kernel-2.6.34.6-54.fc13.x86_64

The fix is already in the "updates-testing" repository and awaiting
karma from the QA folks.

# yum --enablerepo=updates-testing update kernel

This will give you a patched kernel.

Users of Fedora 12, 13, and 14 can perform this update. I strongly
suggest they do so ASAP.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On 9/20/10 11:24 AM, Takehiko Abe wrote:
>> Explain how you could have possibly compiled it let
>> alone run it.
>>
> Please don't.
>
+1 with a big smile

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

>From fedora list:

On Mon, Sep 20, 2010 at 4:13 AM, Zbigniew Fiedorowicz
<fiedorow@math.ohio-state.edu> wrote:
> Further story:
> http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
>
> This is a very serious problem which puts multiuser 64-bit Linux systems
> absolutely at the mercy of their least responsible users.
>
> I have filed a bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=635675
> Priority should be high not low.

On Mon, Sep 20, 2010 at 5:31 AM, Michael Cronenworth <mike@cchtml.com> wrote:
> The fix is already in the "updates-testing" repository and awaiting
> karma from the QA folks.
>
> # yum --enablerepo=updates-testing update kernel
>
> This will give you a patched kernel.
>
> Users of Fedora 12, 13, and 14 can perform this update. I strongly
> suggest they do so ASAP.

Any equivalent for centos yet?

mahalo
Dave
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On 09/20/2010 09:20 PM, Dave wrote:
>> http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
>
> Any equivalent for centos yet?
>

http://bugs.centos.org/view.php?id=4518

We are tracking the issue here.

- KB
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos