Fog Creek Software
Discussion Board




Recently Discovered Linux Kernel Exploit

A good overview is available here:
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt

Some discussion here
http://slashdot.org/articles/04/03/07/1533254.shtml

I'd like to know how many people on this forum use Linux on a daily basis and how this issue affects you (what distribution you use and how you plan to upgrade, etc.).

Seun Osewa
Sunday, March 07, 2004

I use Linux as my only desktop at work, as well as on my "home" servers, which have ports open to the 'net.  I'm not terribly worried about this exploit, because it requires the user to be previously logged in.  Since no one else logs into these systems, I'm not terribly worried.

I would be worrying if I ran an ISP or corporation that gave Linux shell accounts on sensitive systems.

In any event, I would expect a fix to be released within the next few days, at which time, I will rebuild my kernel.

I run Gentoo Linux, who are pretty quick about releasing fixes for system packages.

Anonymous Coward
Sunday, March 07, 2004

> use Linux on a daily basis

I do.

> and how this issue affects you

It doesn't: all my boxes are behind a firewall and have no public accounts (the only people who have login know root password anyway).

> I would be worrying if I ran an ISP

University computer lab admins would probably need to worry a bit ... Or not: with physicall access, anyone can just boot from Knoppix-CD and become root anyway.

Employed Russian
Sunday, March 07, 2004

By the way, that vulnerability was already fixed with version 2.6.3.

Giovanni Corriga
Sunday, March 07, 2004

Remember:

When a patch for a Windows exploit is released, it's further proof that closed source software is evil.

When a patch for a Linux exploit (any other open source software) is released, it's further proof that open source is wonderful.

Joe on Software (Joe)
Sunday, March 07, 2004

That was probably the worst troll in the history of this board.


Sunday, March 07, 2004

Seun Osewa,

an exploit like this will probably not affect most web serving linux boxes. It may present a problem for linux servers serving public accounts (where people have rights to install and execute imported software). Preventative measures should be taken to patch it if you run a lot of unknown software (which is rare in the Linux space in most respectable projects)

Li-fan Chen
Sunday, March 07, 2004

I run Linux and I don't plan on patching the system for this exploit.  For the same reason as others have mentioned.

I also run serveral Windows boxes and I don't patch them when every new Windows exploit comes out.  But that is because they are all safely tucked away behind my Linux firewall.

Almost Anonymous
Sunday, March 07, 2004

> Preventative measures should be taken to patch it if you run a lot of unknown software (which is rare in the Linux space in most respectable projects)

* Most people run respectable projects, patches and additions to most respectable projects are well watched. There's the occational student who must try every short message messenger out there on sourceforge.net, but they are in the minority--most people are PHP+Apache+MySQL+Linux (LAMP) monkeys.

* Distributions are carefully verified using MD5 (yum in Fedora Core 1 does MD5 on all packages)

Li-fan Chen
Sunday, March 07, 2004

Thanks everyone; the current mail setup on my Linux server uses one user account for each mailbox so this would have been a potential problem, but it so happens that I'm the only user.  I'm glad to know this board is not only a windows and .NET-centric board.

Seun Osewa
Sunday, March 07, 2004

Anonymous Coward above: do you post on forums.gentoo.org?  If so, what's your identity there?  I've posted there quite a bit as mXskweeb--but don't look any of 'em up; they're mostly embarrassing.

MacSqueeb
Monday, March 08, 2004

See also http://www.securityfocus.org/advisories/6428

Anonymous Coward
Tuesday, March 09, 2004

*  Recent Topics

*  Fog Creek Home