

2.2.16 Kernel Released - Fixes Security Hole 159
gavinroy writes: "According to an e-mail I received from the kind folks at Sendmail, Inc., the Linux Kernel versions 2.2.15 and below have a SUID security flaw. "This problem will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded." Sounds like a good reason to go 2.2.16 to me - grab it." The sendmail advisory is also online, as well.
Re:Dumb, dumb thing for sendmail to have done (Score:1)
2.1.x is bleeding edge? Then what is 2.3.x? Gushing edge? Seriously, 2.1.x dates back to 1998. Isn't that enough time to find these kinds of bugs? Now I'm not trying to flame here, but this bug has existed for almost 2 years without being noticed. How far back do we have to go to be assured? IANAC (I am not a coder).
Marc
Re:Sendmail are hardly helping (Score:1)
Re:HAHA (Score:2)
After I got over my initial outrage (and head->wall slamming), I was actually laughing. The guy was most definitely just a script kiddie (using lame scripts to boot). Though I don't really know how he got in, my logs were intact as were his shell history files, though the script did try to handle that, but bash keeps the current history in memory, thus rm ~/.bash_history doesn't work too well :). AFAICT, he only left some back doors (which I fixed), and this was after a pretty thorough check of my system (though I am definitely going to look into something like tripwire as not everything is in the rpm database).
Linux isn't perfect, but I am much more willing to trust it than OpenBSD just due to the number of eyes looking over the source.
Re:I am not surprised.. (Score:2)
Yes, I know that bugs that are caused by design issues take weeks or months to test (hence the long 2.3.x cycle), but this is not one of those.
Quick, better go tell Cisco! (Score:1)
Re:fp (Score:1)
But you probably meant 'first post'???
Re:I am not surprised.. (Score:2)
For female sysadmins: s/male pronouns/female pronouns/ (don't blame me, English sucks:)
Re:Security problems again?? (Score:1)
Re:This isn't sex don't be so excited. (Score:1)
In defense of sendmail, sendmail-related security advisories have always come through the sendmail-announce list. Some idiot decided it was good to post about the advisory on Slashdot, which is certainly not the right forum for these things. (This is why there are these advisory mechanisms) The sendmail team even had enough good judgement to wait until the Linux kernel team had a patch before announcing the existence of this exploit.
People are so quick to place blame on things. Just upgrade your damn kernel and be done with it.
Re:Security problems again?? (Score:1)
The only way we can keep out the l33t hackers is to apply policies that make the PCs very annoying to try to use. Even then, with such crap fundamental design, students get in and wreak havoc.
BeSysAdm is just one example. If you can log on at all, you are administrator of that machine!
There are other utils that claim to get domain admin, but I wouldn't dare run it for fear of getting fired by the fraidy cat management.
And L0phtcrack is just downright amazing!
Back Orifice anyone?
NT is shite.
Re:Dumb, dumb thing for sendmail to have done (Score:1)
Re:Security problems again?? (Score:1)
Beg to differ. I was a VMS sysadmin in an earlier incarnation, and as a DEC customer I received warnings of security holes well before those holes became public knowledge. Quite often I received a patch in the mail, then a week or so later saw notices of the vulnerability hit the BBSes (the Internet not being the primary cracker media in those days). The problem with VMS was/is the excessive cost, not performance, reliability, or security.
As for IBM, they will patch problems if A) you have a support contract and B) you are extremely persistent. Case in point - in order to get TCP/IP for MVS (version 3 release 1) to work on my IBM mainframe (I've got 12 linux boxen too, so mainframe bashers can save their breath) we had to load 1549 software patches. That is not a typo. 1549 patches, and the LPD still doesn't accept a zero-length hostname field from an LPR (IBM insists that they are RFC-compliant on this issue, which is another rant entirely) despite the fact that many LPRs do not fill this field. I have to route Novell's LPRs through linux and dummy up a hostname field in order for MVS TCP/IP to print jobs submitted with the Novell LPR.
As for Microsoft, well, you're basically right. They try quite hard to patch the flaws, but since the design of their system is fundamentally screwed up (as, in some ways, linux is - the superuser concept is just plain foolish) it's an impossible task. They'd have to have thousands of developers with no profitability constraints to stay on top of the bugs. In other words, they'd have to be like linux or BSD.
--Charlie
Re:I am not surprised.. (Score:1)
Jeezuz fucking Christ!
Even if the patch doesn't fill the hole or creates another, there are thousands of programmer eyes out there looking at that hole and that patch, looking for problems. They find one, they fix it, they post it.
MS can't compare with that.
Well, no... (Score:1)
Re:Security problems again?? (Score:1)
if you can offer an internet-ready operating system that lacks any kind of security hole, i am listening. if not, FOAD.
Re:Actually.... (Score:1)
Users mistakes!?!?!?
Hang on, someone sends you an email, you open it, it absolutely fucking floors your email server and network bandwidth in the DoS process of mailing itself to 50 of your colleagues and 50 of each of their colleagues etc and you think that the user opening his fucking mail is the one at fault!?!?!?!?!?
If an email came to a Unix user with a nasty payload, the damage would most likely be limited to that user's ~ files and email. In Windows that user's whole HDD can be Mr.Sheen'ed faster than you can say "I'm clean!" and your network totally fucked over.
The poor bastards on the network with Unix and Mac boxes, etc are left with this slow arse connection because of some money hungry arsehole in Redmond.
Wake the hell up.
Re:Sendmail "workaround"...? (Score:2)
Mirrors (Score:1)
Respect the mirrors please! (Score:5)
Go to http://www.kernel.org/mirrors/ [kernel.org] and get the new kernel from there
Hrm, a multiplexor like the CPAN one would be quite cool for kernel.org as well
Re:Ianal, but if your read between the lines (Score:1)
I really wasted my time trying to read it, too. Although I have to say that I couldn't see any wool...
Re:Dumb, dumb thing for sendmail to have done (Score:1)
Well who are these guys [sec.gov] then? They've been filing 8-K reports for three quarters now, but I can't find the quote anywhere.
Dammit! It's not fair! (Score:2)
I saw "kernel" and "released" and got my hopes up that 2.4 was finished. Damn the man and his female consort.
Re:Sendmail are helping (Score:2)
As a matter of fact, you got that precisely backwards: the Open Source Movement (or I should rather say: the thinking internet community) maintains: Security through obscurity never works. Why is this, do you ask? Because security bugs, like all others, will be found, and what you do not want to happen is that all the nasty crackers and script kiddies know about the bugs and you don't.
True, this also means that all the crackers and script kiddies will now know about this bug, but there is a fix. And if you don't want to have to spend time to fix it, fine, suit yourself, just don't come crying to daddy if someone hacks your machine to bits, because you were informed beforehand.
Security through obscurity has never worked, see M$'s Windoze for case in point.
Stefan.
`I was all fired up to write a big rant, but instead found apathy to be a more worthwhile solution.' --- Ashley Penney
Re:Sendmail are hardly helping (Score:3)
So it would have been better to just let the bug exist?
I suppose that's the Microsoft security model. Let bugs we *know* about just go on until the next service pack and just hope that other people don't know about it. Bull. By the time that the powers that be (Microsoft in the Windows world) know about a bug in the wild, people who look to exploit these things know and probably use it. Hence, the faster it is fixed, the better, even if it's done in public, since the people who would use it for harm probably already know about it.
A good example:
Back in January or so, a bug was known in Microsoft's Internet Explorer software that would cause a very hard computer crash. (If you must know, it involves following a link to "c:\con\con" or "c:\nul\nul" or "c:\aux\aux") It was patched about a month ago (May, I believe). If this had been Linux, I could have personally fixed it, the fix is so very easy (the hackish way would be to disallow those specific strings mentioned, the more complete would be to restrict links to old DOS functionality)
I am not surprised.. (Score:4)
Linux is not secure!
Linux can't be trusted!
Well stop shouting and think for a minute. Security is not a simple subject and there is no such thing as a totally secure system. All you have is more secure systems and less secure systems. IMO, these are the important questions:
Q: Are security flaws like this easier to find in open source operating systems such as linux?
A: yes!
Q: Does this make linux more secure than closed source systems?
A: No!
Q: How many potential flaws exist in closed systems?
A: Nobody knows.
Q: How many more flaws will be found in linux?
A: Nobody knows.
Q: Is linux more secure or less secure than other systems?
A: There is no clear answer. Weigh up the pros/cons of the security records of each OS you are considering, and the areas in which they have had security problems and decide for yourself.
Please people, every time a flaw is found in Linux, people shout "Linux is not secure!" and when it's in NT, we hear "NT sux. Linux rules"
and similar for other OS's. Stop it.
Re:Security problems again?? (Score:1)
Do you really think that the Windows world is more suitable to business implementations ?
Well, if you have a massive support team busy following all the viruses, all the users complaints, all the Technet "pseudo-solutions", etc..., perhaps it is...
At least, here, we already have a solution... How many hours (or days) did you personally suffer from the I Love You virus?
Did you see the code of this virus? Do you know that it was so easy that even a 10 year old child could have been able to write this!
Perhaps it is more fun for 15 year olds to write viruses for Windows rather than following the mailing lists concerning Linux
More seriously, I don't think there's ONE good solution. But I'm certain Computer Science IS the business of "a whole team of professionals". And an entire network can't be correctly managed by a few untrained people.
Moreover, I'm persuaded that following the security problems, the patches, the bugs, the evolutions, etc... is a great and interesting part of the job in IT. And, more important, it is necessary, whatever soft you're using. If you don't do this personally or internally, at least you should have this done by someone else.
Computers don't run without problems, whatever OS is running... Bug-free softs don't exist, nowhere. And security problems have been occurring since IT exists, and will continue to occur, whatever OS is used. Rather than complaining about these facts, why not find long-term solutions and build an internal (or partly external, relying on competent external companies for example) IT department capable of following, anticipating and handling those problems efficiently?
Sure it costs money, but remember that all business relies on IT. Everywhere. So that should normally be the first part of the budget... I personally still wonder why everyone seems to be persuaded that computers run alone without problems and that the IT department can be made of a few untrained guys with a very little budget. Why is the commercial department (for example) bigger than the IT one? Same for the budgets?
If someone has an answer, I'll be glad to discuss it.
Linux 2.2.16 Release Notes (Score:1)
Platforms: Alpha, PowerPC, S/390, Sparc, X86
Introduction
Linux 2.2.16 is the latest update to the Linux kernel tree. The out of the box tree supports the Alpha, PPC, S/390, Sparc and X86 platforms. MIPS is mostly merged but you should obtain the platform specific tree. ARM and M680x0 users should get their platform specific tree.
Compilers
This code is intended to build with gcc 2.7.2 and egcs 1.1.2. Patches for building with gcc 2.95 are merged but less tested than other compilers. Caution is recommended when using gcc 2.95 and feedback is sought.
Binary Compatibility
Linux 2.2.16 changes a few internal system structures. You may need to rebuild a few third party modules such as pcmcia-cs when upgrading from older kernels to this one.
Security Notes
Linux 2.2.16 is primarily a security release. It includes fixes for both local and network related bugs. Upgrading is strongly recommended.
Security Updates
Capabilities
Fixes for serious setuid handling flaws when using restricted capability sets
ELF loader
The ELF loader could be tricked by erroneous headers
Procfs
Several
Readv/writev
Potential overflow bug fixed
Signal Stacks
Exec failed to clear an existing alternate sigstack
System 5 Shared Memory
If a user managed to attach a segment 65536 times bad things happened.
TCP multiconnect hang
The TCP code had a bug that could cause the machine to hang. This was user exploitable.
Architecture Updates
Alpha
Fix SRM handling
Export symbols needed for modular tv card support
Fix SMP rescheduling with lock held
Handle early Monet boards
i386
Handle IBM thinkpad APM bios again
Attempt to work around broken BIOS MP1.4 tables
Interrupt controller hanging changed to handle possible buggy chipsets
In a few cases IRQ probing was fooled by longstanding pending IRQs
Detect and report Intel 'Cascades' series processors
Support processors over 4.3GHz in speed
MIPS
PowerPC
S/390
Resynchronized with the IBM code base. Multiple fixes.
IBM S/390 partition formats.
Sparc
Sparc64 OBP fixup fixes
Envctrl driver updates
Fix mishandling of some unaligned exceptions
Fix tlb flushing bug
Sbus audio fixes for poll()
Report correct errors on sunmouse errors
Core Updates
Elevator algorithm changes
The disk scheduling algorithm is now fair over short as well as long terms
Kmod
The module loader spots loops and acts sensibly if they occur
VM fixes
Improve the virtual memory subsystem behaviour
Driver Updates
Adaptec 152x
Recognize the AIC6370Q cards
ATI frame buffer
Fix PCI address handling errors
CDROM
Generic CD-ROM layer enhancements akin to 2.4test
CMPCI audio (CMPCI 83x8)
The SP/DIF output is now supported and a DMA bug fixed
Computone Serial
Updated to rev 1.2.9
Console
A memory scribble in the console driver has been cured.
CPiA Camera
Driver updates and fixes
Cyclades Serial
Report physical addresses, PLX9050 bug workaround, improved performance for TX on Cyclom-Y
Girbil dongle
A timing problem with some devices has been fixed
I2O Block
Support added for dynamic volume creation/deletion
I2O core
Fix several bugs in the core
IDE-CD
Remove the ghost DVD hack. DVD-RAM is now writable directly.
IDE-CD
Unified audio ioctls, packet interfaces using MMC2. Fix possible OOPS
IDE-CD
Add DVD ioctls needed for DVD movie players
IDE Disk
Handle drives jumpered for 4092 cylinders
IDE Disk
Avoid automatic DMA enables on the 450NX
IDE Probing
Fix a bug that sometimes caused CD-ROM or LS-120 probe errors
IDE
Recognize Simple Tech ATA Flash disks.
INI9100U
Handle shared IRQs
Intel ICH audio
A minimal driver for the i810 audio is now included.
ISDN
Fix multilink PPP problems
Keyboard
Handle PS/2 style reconnect code sequences.
Lp
Added more checks to careful mode
Maestro audio
Poll bugs have been fixed and a potential crash on unload.
MDA console
Fix cursor bugs
Parallel IDE
This now tries to autoload a protocol module
Parport
Add TIMEDIA 1889 support
PSS Audio
Joystick support sorted out, cleaned up code and more
RAM disk size limit
This is now configurable
Random driver
Remove key repeat codes from random entry pool - they are too predictable
SBC-60XX
A driver for the watchdog on this board has been added
SCSI CD-ROM
Removed the GHOST hack. SCSI DVD-RAM are now writable directly.
SCSI Disk Driver
Correct handling of disks with 4K block sizes
SCSI Generic
Updated to the current revision
Seagate SCSI
Recognize the IBM F1 V1.20 card
ServeRAID
Updated to the 4.0 driver
SyncLink
Updated to handle Synchronous PPP and Cisco HDLC
Trident 4DWave driver
New sound driver added. Also supports the SiS 7018 and ALI5451
TTY Layer
Return -EFAULT rather than ignoring invalid I/O requests.
VGA console
Disable the IRQ on the vga frame buffer
VIA 82cxxx
The driver now supports native mode audio.
Yamaha PCI Audio
A legacy mode driver has been added. An ALSA native mode driver is in progress.
File System Updates
Ext2fs
Fix a long standing but never observed bitmap handling bug
FAT
Clean up multibyte encoding handlers
ISOfs
Handle sessions better
NCPfs
Mixed updates
NFS
Fix potential machine hang in nfs_free_dentries
Partitions
Disks with old style partitions on large block sizes are now automatically recognized and handled.
SMBfs
Assorted updates, removal of debugging messages. POSIX unlink semantics
UFS
Fixed buffer leak on full disks
Miscellaneous Updates
Configuration
Both Menuconfig and Xconfig have been improved.
Gcc 3.x
Change compiler tests ready for when gcc 3.0 eventually appears
Network Updates
3c515
Fix a bug where the board hung after 2^32 packets
3c59x
Extensive updates and bug fixes to this driver. NWAY on the 3c590C
82596
Performance enhancements and more
Acenic
Updated to 0.44. Fixes for a crash sometimes seen with dhcp clients
Appletalk
Several cases where appletalk would oops on device downs have been fixed
C101
Added a synchronous driver for the Moxa C101
DGRS
Support shared IRQ mode. Handle gcc 2.95 builds
DHCP
DHCP is now supported on diskless boot
DMFE
Remove surplus error messages
EEpro
Add support for the older ee10 boards (82595FX etherexpress 10)
EEpro100
Workaround FCB interrupt lockups, clean up 82559ER support. Honour PortReset timing.
Hamachi
Driver for the Packet Engines GNIC-II added
IBM TR
The windowed shared ram is now supported in full
IP Masquerade
A memory scribble in the masquerade code has been fixed
IPX
Fix a memory leak in the IPX layer
IRDA
Fix for automatic bandwidth setting
Olympic TR
The IBM PCI adapters now work on LinuxPPC
Riscom N2
Support for the RISCom/N2 added. (not the integrated CSU/DSU)
SBE WanXL
Support for this has been added.
SMC9194
Fix board memory allocation bug.
SyncPPP
Added ioctls for changing flags
TCP
Fix a crash on certain unusual TCP retransmit patterns
Unix sockets
Provide credentials on socketpair()
Re:Sendmail are helping (Score:1)
Did I claim to be original with that? Of course, I could have written Mickey$choft Winddoos, but I rather doubt you speak Dutch.
Stefan.
Re:Sendmail are helping (Score:1)
"Oh, we've found this huge gaping hole in the system, any scriptkiddie will immediately find it, once word gets round." 'Well, let's pretend it isn't there and try to find a fix before shit happens.' "Uhm, well, we really found out about it this morning, when the mail server was discovered to be hacked and truly messed around with." 'Well, let's just hope the little shit tells no one. So, not a word to anyone, right?' "You're the boss."
And if you think "Obscurity is one of the prime security features provided by firewalls" you've got some mightily funny firewalls where you live. Over here, their main function is to deny access, selectively, to some services and/or some machines. Or rather, to selectively allow access, because the remainder is denied.
You're right in that obscurity provides some level of security, but 1. you can't rely on it and 2. it only stops the really moronic/incompetent. So yes, I keep maintaining: "Security through obscurity never works". It can only lull you into a false sense of security.
Stefan.
*BSD vs Linux (Score:1)
Why not compare Linux with another opensource OS like OpenBSD? *BSD, as far as I can understand, uses a very cathedral-like development model.
And then compare NT with a closed source OS, like Solaris.
Now, which one has given the more secure OS in their category?
And BTW, I thought that article on the developer's website [earthweb.com] showed that open source does not guarantee security nor that security bugs will be found?
Re:Dammit! It's not fair! (Score:1)
Because he will be relaxed and not make anything
because he is stressed up. You know 48 hours in a row before shipping. At least I think it's good that he is relaxed...
People tend to do things more stable then.
They also make less errors.
So it's a good thing.
Re:2.2.16 Realtek Support (Score:1)
Re:This will probably get modded down (Score:1)
Re:Actually.... (Score:1)
Re:Sendmail are hardly helping (Score:1)
Any good encryption algorithm will still be effective, even if (and because) its algorithm is widely known; it will rely on 1) passwords or keys being kept secret by the users, and 2) hackers not having the computational power available to break in without the key.
Obscurity doesn't work.
Re:Actually.... (Score:1)
Re:Security problems again?? (Score:2)
For production boxes, 2.0.X boxes are probably a good idea..
I read the release notes and kernel traffic and try to figure out when the new series has matured, and this time it was mostly done about 2.2.12, but still had some ide problems and this bug.
Besides, you should ask a Solaris admin about the bugs that SUN patches months after they are widely known.
I think you're wasting your breath. (Score:1)
Perhaps we should set up a little program that would explain things to these children. Perhaps a cute little character. Maybe an animated paperclip?
Re:Dumb, dumb thing for sendmail to have done (Score:1)
In no event shall the authors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of damage.
Versions affected? (Score:4)
Re:takes one to fucken know one (Score:2)
I notice you didn't say anything about making the grade as a practicing attorney.
Mucking foron.
What this bug really is... (Score:5)
All that is happening is that under some circumstances, SUID programs that try to drop some of their privileges don't end up dropping them correctly, and remain SUID.
This does not open up any more remotely exploitable holes, but rather makes it give you root rather than your "nobody" user when you break a program like sendmail that uses this sort of security.
Is this a bug? Yes. Is it remotely exploitable? No.
Not to mention that, as far as I know, quite a few other OSes don't provide capabilities like this, so they are all as vulnerable as Linux is.. (However, I've never researched this and could be dead wrong, they could all have implemented this ages ago..
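The failure mode this post and the story summary describe (a setuid program drops root, the setuid() call reports success, yet a saved uid of 0 remains and privileges can be regained) is something a privileged daemon can verify for itself rather than trust. Added example, not code from the thread, from sendmail or from the kernel: a C helper that drops to a target uid, reads back all three uids with the Linux-specific getresuid(), and then actually tries to get root back, refusing to continue if any of that shows the drop was incomplete. The unprivileged uid 65534 used in main() when started as root is an assumed value.

```c
/* Added example: verify a privilege drop instead of trusting setuid()'s
 * return value. Not from the thread, sendmail or the kernel sources. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check on the three uids: all must equal the target. A saved uid
 * left at 0 (the pattern the post describes) would let a later
 * setuid(0)/seteuid(0) restore root, so it counts as "not dropped". */
int uids_fully_dropped(uid_t real, uid_t eff, uid_t saved, uid_t target)
{
    return real == target && eff == target && saved == target;
}

/* Drop to `target` and prove it stuck.
 * Returns 0 when privileges are gone and cannot be regained, -1 otherwise
 * (with the reason on stderr). Callers should exit on -1, not carry on. */
int drop_privileges_checked(uid_t target)
{
    uid_t r, e, s;

    /* Step 1: the drop itself. A zero return is NOT proof that the saved
     * uid went away; that is exactly the gap the advisory warns about. */
    if (setuid(target) != 0) {
        perror("setuid");
        return -1;
    }

    /* Step 2: read back real, effective and saved uids and compare all three. */
    if (getresuid(&r, &e, &s) != 0) {
        perror("getresuid");
        return -1;
    }
    if (!uids_fully_dropped(r, e, s, target)) {
        fprintf(stderr, "saved uid not dropped: real=%u eff=%u saved=%u\n",
                (unsigned)r, (unsigned)e, (unsigned)s);
        return -1;
    }

    /* Step 3: try to get root back. On a correct kernel both calls fail
     * with EPERM; if either succeeds the drop was reversible. */
    if (target != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        fprintf(stderr, "privilege drop is reversible; refusing to continue\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed unprivileged uid when started as root; otherwise stay as
     * ourselves, which still exercises the read-back and regain checks. */
    uid_t target = (getuid() == 0) ? (uid_t)65534 : getuid();

    if (drop_privileges_checked(target) != 0)
        return 1;
    printf("running as uid %u with no way back to root\n", (unsigned)getuid());
    return 0;
}
```

Run it as root on a patched kernel and it reports the unprivileged uid; on a kernel with the described behaviour step 2 or step 3 trips and the program refuses to run, which is the safe outcome for a daemon like sendmail.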
Re:Dumb, dumb thing for sendmail to have done (Score:2)
Note that BluePoint Linux Software Corp. is no more the maker of Linux than VA Linux Systems or RedHat Linux. The point is that there is a qualification on the Linux, it's not the Linux. The Linux is not controlled by a company.
Re:Security problems again?? (Score:1)
People are going to expect that problems with software connected to the internet to be fixed and fixed fast
This is a bug that is almost 2 years old. Your argument doesn't work here.
Please PLEASE read the article before you post. You made yourself look rather immature and foolish.
Marc
Re:I just thought of something (Score:2)
> file (c:\io.sys) on your hard disk.
In no Windows version is the kernel io.sys. It provides some DOS functionality, but the Windows kernel resides in kernel32.dll and kernel32.exe.
> All of the extra hardware functionality (USB, multimonitor, etc.) that you mention is tacked into the OS through a series of interesting things like normal and virtual device drivers.
All the buses are in the kernel. That's why decent USB support didn't appear until 98 and why NT4.0 never got Firewire support until MS patched it. The USB drivers required a lot of hacking to get past the kernel, and the Firewire drivers were impossible to write without the cooperation of the NT kernel. Multi-monitor is also part of the kernel because that is under the control of the graphics system, which resides in the kernel.
> It's sort of like a microkernel, only these drivers are accessed through a GUI (Windows) running on top of the DOS 7 part and the kernel.
Wrong again. Contrary to popular belief, Win95 does not run on top of DOS. It's mostly anti-Microsoft propaganda. True, Windows 95 has DOS embedded in it, but does not use it all that much when running Windows programs. If you run fully 32-bit programs, Win95 rarely switches into real mode DOS. WinME will finally take DOS out altogether, although it will still suck. I mean even Win3.1 only used DOS for the file system! Second, no Windows is really a microkernel. They want to tell you that NT is a microkernel, but in reality it has most drivers embedded in the kernel, and one big Win32 system server. Hell, in Windows 2000, the hardware abstraction layer includes calls to DirectX! (Though there is nothing wrong with that. It might be academically incorrect, but if MS would just let the DirectX guys do NT, Linux would be in major trouble.) Win9x is even more monolithic. Everything from the graphics and some GUI functions to file systems runs in the kernel.
> Unlike with a microkernel, the kernel never actually touches the device drivers and things that Windows runs. Windows even has it's own virtual kernel that runs on top of the actual one!
You're confused. The Windows kernel has complete access to hardware drivers. It doesn't run on top of DOS, it uses some DOS code in the kernel. It's just like the Linux kernel in terms of closeness to hardware, but while Linux is completely 32-bit protected mode, Win9x has some sections that are real mode. Also, there is no virtual kernel. I think what confused you is that Win9x has a virtual machine that runs all Win16 programs, and many virtual machines to run DOS programs. All 32-bit programs run without a virtual machine.
> Some of the other things you mention (icons, IE) are actually in executable code in the GUI part of Windows and elsewhere, not through any interaction with anything resembling the kernel.
True, icons are not in the kernel. Faux pas on my part. However, they are pretty close. All the routines to load icons and do graphics are in the kernel. Like I said, Win9x is SERIOUSLY monolithic.
> X-Windows isn't part of the Linux kernel, and IE isn't part of the Windows/DOS 7 one.
Stop saying Windows/DOS 7. There is no DOS 7 kernel in Windows; the virtual machine that runs on top of the Win9x kernel reports itself as DOS 7. Win32 programs never actually use that virtual machine. The DOS heritage that Win9x has is not that it runs on top of it, but that it uses a good deal of DOS code.
> DirectX is weird. It is made up mostly of a large number of device drivers and some executable code, although there are more complicated things in there.
DirectX is god. DirectX is mostly device drivers, that's true, that's what gives it the speed. Conceptually, DirectX is a set of COM objects that talk to the DirectX HAL/HEL. The hardware drivers make up the HAL (hardware abstraction layer) and emulators make up the HEL (hardware emulation layer); the other executable code is the stuff that orchestrates the whole thing.
> These security fixes mostly update DLLs and stuff NEVER the kernel. Again, most of Windows is actually executables and libraries. The kernel is quite small and doesn't do a whole lot except interpret for these executables.
Whoa, that's kind of wrong. Windows networking is implemented in the kernel on Win9x, and in kernel mode servers on NT. True, they might not be in the same executable, but they are for all purposes part of the kernel. Again, I don't think you quite have the right idea about Windows. In all versions of Windows, the kernel is quite large. (Again, in NT the kernel32.dll is not that big, but a lot of stuff runs that is loaded into the kernel.)
> In short, the actual kernel has not changed much, other than moving it from two files (msdos.sys used to have part of it) into just io.sys.
I'm assuming you're talking about Win9x here. The kernel is not io.sys or msdos.sys on any version of Windows. They are DOS modules loaded by the Win32 kernel to facilitate some operations.
> USB and other nice things never directly interact with the kernel, but work through executable code (win.com and associated dlls and other files) that runs on top of the kernel and accesses hardware.
Wrong again. USB and stuff does work through the kernel. DLLs may provide support for the actual device, but USB is a bus and buses in Win9x are supported by the kernel.
> Linux, on the other hand, integrates USB and such into the kernel, so it does not constantly crash because of the complex and unstable patchwork doing things DOS was never meant to do.
Your sentences make no sense. Integrating something into the kernel makes it less stable, not more. (Ever wonder why NT used to be really really stable in 3.x before they moved graphics into the kernel?) DOS has nothing to do with it. There is no code in the USB services that uses DOS.
> You have a very well thought out response. The problem is that you are doing exactly what MS wants: seeing Windows as one big happy family rather than the confused mish mash it is. Dig a little deeper, and you'll discover why the model is insecure and why it crashes constantly.
You seem to be quite confused on what Windows is. I got all of my information from a BYTE article circa the launch of Win95 that detailed the architecture of Win95 (then Chicago.) (BTW, BYTE was THE nerds' magazine. I've never since seen a mainstream mag that went into the kind of technical detail BYTE did. Read the one from 1993 about the new OSs that were coming out then. They talked about message passing and hardware abstraction layers like you had known about them forever!) True, Win9x is a mishmash, but the fact that it runs on top of DOS is just not true. Win3.1 did, but in Win95, everything was moved into a set of modules (such as USER32.exe and USER32.dll and GDI32.exe and GDI32.dll) which comprised the kernel. Some of those modules contained DOS code (at launch, GDI32.exe was largely 16-bit Win3.1 code), but that does not mean that Win9x runs on top of DOS.
Re:I just thought of something (Score:1)
The Windows "kernel" is a virtual kernel. The actual kernel in the classic sense of the word is the DOS io.sys.
Multimonitor and the buses are not really built into the DOS kernel in any real sense. USB and Firewire are present to a very limited extent. Again, you confuse the virtual kernel loaded by Windows and the real kernel of the OS Windows runs on top of just like any other program.
I did not say it was a microkernel, I made a (correct) analogy. Look at the files your system loads when running in Windows: all hardware is addressed through drivers which are not part of the kernel, they hook into it and are called through by it (it is not that simple, but they are most definitely not integrated into the kernel).
Windows loads DOS, then the GUI which is the actual Windows. The GUI Windows loads a virtual kernel that runs on top of the DOS kernel that uses various other drivers and junk to do stuff. DOS is, in no technical way, integrated into Windows. That's like saying that since you got your copy of Emacs and the Linux kernel on the same CD, they are integrated. Emacs runs on top of the Linux kernel, and is actually a lot like Windows (it can even run its own programs. I like the Tetris game better than Minesweeper).
True, Windows doesn't use the DOS system for a whole lot, because it basically replaces it, but try using a Zip drive in DOS mode. Windows includes a driver that works with it (don't cheat and use a DOS driver, now. You don't need it, since they're integrated.) What, it won't work? That's because the Windows kernel and associated device drivers are programs that run on top of DOS and its kernel, which is still sitting around in memory, handling the tasks that aren't replaced by hooks from drivers.
One last time: Windows runs on top of the included DOS system. It loads other files to do stuff. But DOS is there. It is not one big system, there are many parts, and the kernel is just the rarely updated centre. MS would rather patch in functionality from other files than mess with the thing that regulates it all, or else they really would be integrated and you wouldn't have one kernel on top of another one.
If you have any other questions, we can just move this over to email. It's more convenient.
Re:I just thought of something (Score:1)
Re:Security problems again?? (Score:1)
This is what is really bad with NT security, the default settings are a joke; but the base concept is quite good.
EVERY OS HAS ITS BUGS AND HOLES (Score:1)
Two questions:
Does this hole affect your system directly, or are you just discussing for fun?
Do you know an OS without any holes and bugs?
The difference between Open Source and the rest is that the open sources don't have problems with reporting those bugs. And as you could see, the bug fix is already there and you don't have to wait for a service pack.
Enough.
regards, sul (MCP soon MCSE - you gotta know the enemy to fight him - Sun Tzu - Art of War :-)
Re:I just thought of something (Score:2)
PS> Programs and modules loaded into the kernel count as part of the kernel.
Fundamental Error (Score:5)
I'm sure you meant "Isn't it nice that Linus released a fix for his operating system right after getting back from vacation, and let me use it?"
It's not your operating system. It's Linus's operating system. He just lets you use it. If you purchased an operating system from a commercial vendor, then your gripe is with that vendor - they are responsible for all bugs and security holes they ship, not the authors. The authors just provide software out of generosity, without warranty, express or implied.
That people think anything else is the bad sign.
Re:Sendmail are hardly helping (Score:1)
Re:*BSD vs Linux (Score:1)
Just because no bug fixes have been announced doesn't mean the bugs don't exist.
I seem to get this sort of attitude from a lot of BSD users claiming Linux is really lame every time a bugfix comes along.
I seriously wonder how many people who wrote in saying "Linux sucks, use BSD" were actually in a position that would have made them vulnerable to this bug. Using Linux on my laptop makes this update about as important to me as somebody on the other side of the world smacking a mosquito. But it is nice to see another bug bite the dust.
Please don't get me wrong, I don't have anything against BSD. In fact, I intend to try it out when I get my next computer. (My laptop has some unsupported hardware.) Until then, Linux fits my needs perfectly.
2.2.16 Realtek Support (Score:1)
Huh (Score:1)
I thought this problem was part of the default kernel? Perhaps I didn't choose to compile a piece of the kernel that affected this?
Re:I just thought of something (Score:1)
While Windows is running, it looks like this:
DOS (idle, superseded by the running programs most of the time) -> Windows (a program that has code to talk to hardware and bypass DOS) -> Windows applications.
Again, if you read what I have written, the virtual kernel is quoted, as I was using it as an analogy. I am trying to think of words to describe these concepts, and often come up short. The fact I am trying to get across is that Windows runs on top of DOS. It no longer uses DOS for much, because it has code to handle those functions. But DOS is there.
If what you say is true, that Windows runs as a virtual kernel over DOS, then most tasks that require access to hardware would have to go through DOS.
This is not what I said; it is the opposite. Look at my Zip drive example: my argument was that the Zip drive is controlled entirely by the Windows program running on top of DOS rather than by DOS, and that they are separate from an engineering perspective for that reason.
The only point I was trying to make is that Windows and DOS are not the same although they are sold together, that the Windows kernel has not been updated recently even though drivers for it have, and that Linux is better because its model is consistent and stable while the Windows model is fragmentary because things are never replaced but just hooked into by other things to make them work. I never said Windows relied on DOS; my point was that it tried to avoid that and replace the DOS it runs on top of.
%eax and %ax (Score:2)
Does anyone have the change log for this summed up yet? I know that normally I check at http://www.linux.org.uk and Alan Cox has his summary of changes, but that is not up yet.
Well any hoo I just downloaded it, boy do I love fast connections.
On another note I am not sure why people want to do so many OS comparisons. Here is my take on all the OSes that I have used.
This is just my opinion take it or leave it.
send flames > /dev/null
Re:Actually.... (Score:1)
Outlook comes set up by default to open each mail you get for you (previews), and can run scripts in this fashion without you even being in front of the computer, or you can disable this in Outlook which would limit these dangers to only occur as you click on them to read them, which of course is great security (cough).
This is not a good mail product. It is an extreme danger to the network performance and the integrity of user files and privacy.
Just receiving an infected email is enough with Outlook. Compare this to a Unix sysadmin: is he likely to run a script he received through email whilst being logged in as root? If so, he should not be an admin.
If I was the head of a company, #1. in the company policy would be that under no circumstances should a Microsoft product be allowed inside our local network. In fact, nothing that is not first run by Systems.
Microsoft, sucks.
Re:Security problems again?? (Score:1)
Re:2.2.16 Realtek Support (Score:1)
Re:Dumb, dumb thing for sendmail to have done (Score:2)
It is true.... and FUD...
Basically.. you can not sue Linux or anyone who develops Linux for a defect in Linux due to the GPL. The GPL contains a shrinkwrap license that says you can not sue for defects in Linux.
Now here is the FUD part...
You can not sue Microsoft either... Same reason...
Most (if not all) developers have a shrinkwrap license that says you may not sue for software defects.
Not Sendmail, not RedHat, not Microsoft and not Sun Microsystems.
If a bug happens it's totally your problem.... no matter what you're using...
In short... Real world... the lawyers have already resolved this problem...
Yeah, like /. ppl check the links (Score:2)
I've been noticing people complaining about stuff like this. A lot. And I think I know the reason why it's always happening.
The people reviewing and approving stories don't review the links. They just post the story. Verbatim.
This is actually a good thing because if they started editing user submitted articles (the stuff in italics, all of it, in any way), they would be breaking their integrity, and a whole other segment of the /. community would be in an uproar. But they are still responsible for these links. So what should they do?
How about updates and addendums. There used to be witty comments after each user submitted article. They could say things like CT: Use the mirrors from this list [kernal.org] to download the kernel and leave the poor main server alone. Taking a little time to make sure the mirrors are respected shouldn't hurt too much.
Re:Security problems again?? (Score:2)
and the only mailing list i need to check is the SuSE Security Announcements list,
if the bug is relevant to one of my systems, download an RPM, install it on the boxes, and I am done and done.
Takes me about 10 mins to upgrade 4 boxes and I don't even leave my desktop. It takes me longer to download SP6.
So I can safely say that unless your support team is a bunch of clueless monkeys you don't need a massive support team.
Re:Respect the mirrors please! (Score:1)
Objectivity and Slashdot (Score:1)
:-)
Re:Actually.... (Score:1)
Neither Melissa nor any other VBS/Macro based worm is spread in the manner you describe. It is spread via attachments as I previously stated. In fact, I don't have experience with any virus, trojan, worm or other type of 'pathogen' of any kind that is spread by viewing them in Outlook's preview pane.
Would you kindly post examples, or are you done being a Micro-bigot? It's fine if you don't like their OS or their software, but at least don't spread disinformation about it. There's plenty of tangible problems you can hit on without spewing vapor.
References for you:
Info on the Melissa virus [mcafee.com]
Info on the ILOVEYOU virus [mcafee.com]
Is this enough or should I cross reference?
Re: (Score:1)
Re:sick of the bug of the week club (Score:1)
what? a new Linux security model? (Score:1)
Could someone explain to me what this "new security model" is all about -- in very simple words?
I mean, please answer questions like:
- what about chmod and rwsrwxr-x and so on? Is that going to be a thing of the past?
- I thought that until now, we have always claimed that the "old" UNIX security model (chmod and stuff) was the best thing there was? What's wrong with it?
- Isn't the new model confusingly complex? Like, that users would not understand it and misuse it?
- Is this a sign that Linux goes its own way and abandons UNIX?
...altogether, what's wrong with the "good ol' UNIX security model"?
It's... It's...
Re:Actually.... (Score:1)
Here is that example you were after...
"It uses a vulnerability discovered by Georgi Guninski in which many versions of Internet Explorer 5 allow any HTML file or e-mail to write files without ActiveX authorization."
"Historically we've always said, as long as you don't open attachments, you're safe," Network Associates spokesman Sal Viveros said. "That's not true anymore."
BubbleBoy is a "proof of concept" virus that has no dangerous payload, meaning it doesn't attempt to delete or alter files.
http://www.zdnet.com/ zdnn/stories/news/0,4586,2392757,00.html [zdnet.com]
So, it can write ANY file without authorisation when it is opened or previewed. This is why I switched off auto preview at work.
Funny how you state your ignorance of such a beast and yet are oh so cocky to rub my bigot nose in what I have written about of which I am not ignorant.
Re:Actually.... (Score:1)
Also, another distinction I should point out is that this virus only affected Outlook Express, not Outlook which was the topic of conversation, and didn't work on NT or have a payload. This isolated incident does not support your image of an OS "totally lacking any security" as the security hole was patched 7 months ago as can be seen here [microsoft.com].
I see your point though, security on the net is a big issue and always will be. However, it's an issue for Microsoft OS' AND *nix. For every security feature implemented a couple more develop.
Re:sick of the bug of the week club (Score:1)
Re:Actually.... (Score:1)
The URL I quoted actually stated "Microsoft Outlook", but I did assume they meant Express. However Outlook also has the preview function, of course without ActiveX it would be useless. So I might be guilty of assumption and limited research for reading that one URL and believing my memory of the incident.
However, that virus could have had a payload. It can write to any file with the help of ActiveX, so why not NTLDR, COMMAND.COM, etc.
It was a proof of concept virus that worked. Showing that it could pose a real threat.
I know MS does not totally lack security, they do make attempts at it. And I know the *nixes are not perfect. But MS is by far the worst, and the money hunger that drives them makes them easy targets along with their buggy and insecure products.
How can they advertise how great their stuff is when bugs and exploits are always cropping up, especially with OS like OpenBSD on the market that have far fewer problems and are far cheaper and faster in many cases.
I tell you what though, even though I use Netscape and Outlook, I will still keep auto preview switched off.
Cya later.
Re:(OT) 'f' was not used for 's' (Score:1)
(This comment looks best in a browser that supports a lot of Unicode [unicode.org].)
This letter "very much like f", ſ, is called long s. It had the advantage of looking good on paper, enabling more ligatures (st, sh, etc.), and generally fitting the way type was designed. The italic print version looked like ∫ (an integral sign). Something similar was used in the old Gaelic and German alphabets (surviving today in the German letter ß, which is long-s + s and no relation to the Greek lowercase β (beta)).
Re:Sendmail are hardly helping (Score:2)
I believe the industry truism that you're looking for is "security through obscurity is not security at all", and means the exact opposite of what you've taken it to mean.
Hint; OPEN Source. How do you get Open Source as being about security through obscurity? How could one hope to obscure anything for long with the source open?
Answer; they can't. Open Source security relies upon the principle that not all the skilled coders who are looking at the code are nasty criminals looking to hurt somebody. Some of them are professionals like the Sendmail crew, who are interested in making systems more secure by eliminating the bugs.
Unless you want to rewrite everything yourself, you get bugs fixed by publicizing them so that others will be compelled to fix them. Since one man can only put in one man-hour per hour, that's necessary.
As for whomever told you "NO SECURITY WITHOUT OBSCURITY!", you should stop using them as a resource immediately, because they're 30 years behind the state of the art in OS security.
--
Re:Dammit! It's not fair! (Score:1)
Hey, any OS update could be delayed because the primary programmer / project head was on vacation.
With linux, you get to hear about it.
Re:%eax and %ax (Score:2)
Misconception. Sun now only charges for Sol2.8 on servers running >= 8 CPUs. So your E2, E2x0, E4x0, your Netra T1 (with the sleek 1U shell and most excellent LOM console), and IIRC your Sparc10/Sparc20 can run a beer OS..
Whether you'd want to run 2.8 now or hold off for a few patchlevels is up to you as an admin.
Your Working Boy,
Re:Yeah, like /. ppl check the links (Score:2)
--
Re:Dumb, dumb thing for sendmail to have done (Score:2)
Re:Security problems again?? (Score:2)
I score such a superfluous comment as -10 - Stupid.
Re:takes one to know one (Score:2)
Hello legal type person allow me to give you my own history....
Age 15 started business, ran same until age 23. Since then I ran for office (and lost)...
In short I have a lot of experience in BS.
Everyone lives within a community...
It's just a part of being a part of society.
Linux Weekly News [lwn.net] - "For a lot of people who watch the Linux business community Bluepoint came, well, out of the blue. What is this company, and how did it manage to go public so quietly?"
First note... even Bluepoint is part of a community. They are a new company. Moreover they are not a US firm but in fact in China. The objective of the company seems to be to introduce its version of Linux to Chinese businesses. That's just my point of view. This company could also be just another "Linux One".
Bluepoint isn't the first company to have the name Linux. For example VA Linux Systems. Who own Andover.. who own Slashdot... And do not own Linux.
At least you're living up to the lawyer stereotype. That's kinda sad too because most lawyers are honest people. You however seem to sling the BS better than any politician....
Being a part of a community is no more illegal than breathing air.
You're not stupid... you're simply full of it.
In fact I am not telling you ANYTHING you don't already know...
Excluding the fact that I also know...
Re:Dumb, dumb thing for sendmail to have done (Score:2)
Be careful not to sue them though, they have some very high-powered lawyers (much more articulate than you) and would take *very* *unkindly* to someone damaging their IPO chances. So would the SEC.
So keep yoah beautiful head down and don't bite off more than you can chew.
It is a local root exploit. (Score:5)
Sendmail did the right thing. Details of the vulnerability were already publicly available, but had been misreported as Sendmail bugs.
The impact is that any local user (local shell access is required) can become root using techniques similar to those effective against pre-v8 versions of Sendmail. I've found two other vulnerable applications; surely there are more. If you can't figure it out given the information provided, good. Just upgrade your kernel.
There is no remote exploit.
Re:Stupid question -- public CVS kernel server? (Score:2)
Facts of Life (Score:2)
Stupid question -- public CVS kernel server? (Score:4)
is there a public CVS server that has the kernel so i can do a cvs update (and thus also auto merge)?
Re:Security problems again?? (Score:2)
You forgot to mention the part about them putting the fix in a "service pack" along with brand new bugs. You can't pick and choose from MS's service packs, you have to take the whole thing. What's MS's record been with NT service packs? About 50 percent?
'f' was not used for 's' (Score:3)
If you have a facsimile of the Declaration of Independence, you can see numerous examples in T. Jefferson's interesting handwriting.
-JD
This will probably get modded down (Score:2)
Re:Security problems again?? (Score:4)
Now that is (as Cartman would say) securitah.
Actually.... (Score:5)
> Q: Does this make linux more secure than closed source systems?
> A: No!
What it does do is give Linux the *potential* to be more secure (note the emphasis). Patches are released early and often, usually within hours of the security hole being found.
> Q: Is linux more secure or less secure than other systems?
> A: There is no clear answer. Weigh up the pros/cons of the security records of each OS you are considering, and the areas in
> which they have had security problems and decide for yourself.
A system's security can only be judged by comparing it with other systems. No system can be absolutely secure.
So, let's compare it with Microsoft's security model (I know, easy target...). The hole with VBScript in Outlook has been well known for over a year (Melissa was the first widespread exploit). Yet it took until *last month* for MS to *announce* that they intended to release a patch for Outlook. They still have not actually released that patch.
This does lead me to believe that Linux has a far greater potential than NT for having greater security.
Re:Versions affected? (Score:5)
Re:Security problems again?? (Score:2)
>Linux, unless they can afford to keep a massive support team busy
>following each and every mailing list and newsgroup.
>Let's face it, the 15 year olds live for this. Do businesses want to
>run code children are climbing around in breaking?
>(score:-7 Truth about Linux)
Crap. If you don't do things like this, what happens is exactly what we saw with ILOVEYOU. How long did you Microsoft assholes sit on your asses knowing the truth about the various Outlook/VBS problems and pretty much did (and haven't really) nothing about it until a hell of a lot of people got burned by your shitty software design? The world is changing, loser. People are going to expect that problems with software connected to the internet be fixed, and fixed fast. They aren't going to be interested in hearing excuses from people like you anymore.
Re:Dumb, dumb thing for sendmail to have done (Score:2)
So, in summary, "Linux" is not suable, "Linux" isn't even an organization. When the OS known as Linux is used by a distribution, they open themselves to possible law suits, and that's why they don't use the bleeding edge kernels.
When will the code-heads join the real world, huh?
The ones that do open source generally don't want to. The open source world is a great escape from the corporate/law/marketing world. So those distribution companies sort of form a buffer layer between us and the real world. They do the marketing; they have the lawyers.
Re:Sendmail are hardly helping (Score:2)
I must say, my partnership moved to Linux last week
Moving to Linux isn't the sort of thing that you do in a week. Also, you work at a law firm, right? You aren't supposed to "get it." You're lawyers, and you're actually paid not to "get it." :-) The less you understand of the technological details, the better for your clients. They pay you to understand the law, not technology.
Seriously, though the phrase is "There's no Security through Obscurity." It is generally thought in the Free Software community that having the source code open and available exposes the security holes to the prying eyes of many more developers, and therefore reduces the risk that such things will continue undetected for long. This one took longer to catch than some of the others. It's also more subtle and harder to exploit, as has been pointed out by others. Which is the opposite of what you're saying is the commonly held belief.
BTW, "the BSD thing" is ready for release. Has been since at least 1978. In many ways the BSD kernels are superior to the Linux kernel. In some other ways Linux has BSD beat.
You're a lawyer, so I expect you to see a lawsuit in every utterance. I wonder, though, if you're not just trolling here.
Re:I just thought of something (Score:2)
Re:Security problems again?? (Score:2)
how to test the bug (Score:5)
I wrote two little programs to test this; one to test whether giving up privileges works, the other to start a shell with the CAP_SETUID capability removed. To check the bug on your system do:
$ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/blep.c
$ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/suidcap.c
$ gcc -o blep blep.c
$ gcc -o suidcap suidcap.c
$ su
Password:
# chown root.root blep
# chmod 4755 blep
# exit
$ ./blep
BEFORE: [your-uid] 0
GAVE UP: [your-uid] [your-uid]
GOT BACK: [your-uid] [your-uid]
(this is the expected result)
$ ./suidcap
launching shell...
sh-2.03$ ./blep
BEFORE: [your-uid] 0
GAVE UP: [your-uid] [your-uid]
GOT BACK: [your-uid] 0
PROBLEM!!
If you don't see the 'PROBLEM!!' part, then you don't have a problem.
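The "It is a local root exploit" post above and the blep/suidcap test in this one both turn on the same thing: a setuid-root program calls setuid(uid), sees the call return 0, and assumes root is gone, while on 2.2.15 the saved uid can still be 0 and a later setuid(0) hands root back. The following is an added example, not the poster's blep.c or suidcap.c (those are not reproduced here), showing how a privilege-dropping program can check all three uids with getresuid() and then actively try to regain root before trusting the drop. It assumes Linux (getresuid() is a Linux extension, hence the _GNU_SOURCE define and the repeated prototype); run unprivileged it drops to your own uid, run as a 4755 root binary it drops to the invoking user, and in either case it reports whether the drop stuck.

```c
/* drop_check.c: drop root permanently and verify it cannot be regained.
 * Added example; not the blep/suidcap programs from the post.
 * Linux-specific: getresuid() is a Linux extension (needs _GNU_SOURCE). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototype repeated in case _GNU_SOURCE was not in effect when unistd.h
 * was first included; it matches glibc's declaration. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Return 1 if real, effective AND saved uid all equal target, else 0.
 * A setuid() that "succeeded" but left the saved uid at 0 fails this. */
int all_uids_are(uid_t target)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return 0;
    return r == target && e == target && s == target;
}

/* Drop privileges to target and verify the drop is permanent.
 * Returns 0 when the process is now irreversibly target, -1 otherwise.
 * Checking only setuid()'s return value is the check the advisory says is
 * not enough: on a buggy kernel it returns 0 while the saved uid stays 0. */
int drop_privileges_checked(uid_t target)
{
    if (setuid(target) != 0)
        return -1;            /* the call itself failed */
    if (!all_uids_are(target))
        return -1;            /* some uid (typically saved) still wrong */
    /* Final paranoia: actively try to get root back. On a correct kernel
     * this must fail with EPERM for any non-root target. */
    if (target != 0 && setuid(0) == 0)
        return -1;            /* PROBLEM: root regained */
    return 0;
}

static void show(const char *label)
{
    uid_t r, e, s;
    getresuid(&r, &e, &s);
    printf("%-8s real=%u eff=%u saved=%u\n", label,
           (unsigned)r, (unsigned)e, (unsigned)s);
}

int main(void)
{
    show("BEFORE:");
    /* getuid() is the invoking user; for a 4755 binary euid/suid are 0. */
    int rc = drop_privileges_checked(getuid());
    show("AFTER:");
    puts(rc == 0 ? "privileges dropped for good"
                 : "PROBLEM!! drop not permanent");
    return rc == 0 ? 0 : 1;
}
```

Compile with `gcc -o drop_check drop_check.c`; to exercise the setuid-root path, `chown root:root` and `chmod 4755` it as in the post, then run it as an ordinary user. The getresuid() check catches the saved-uid case directly, and the trailing setuid(0) attempt catches anything the three-uid comparison would miss.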
Re:Dammit! It's not fair! (Score:2)
Is it a good sign that a major update to my operating system is delayed because someone went on vacation?
Mixed security model + comments (Score:5)
Now why am I saying POSIX capabilities? Well here is a FAQ [guardian.no] that goes into what is in the kernel. The traditional definition of capabilities are used by, for instance, EROS [eros-os.org]. This is incredibly secure. So when the POSIX standard was being developed for improving security by borrowing VMS' "privileges" they deliberately called them "capabilities" to introduce confusion and make people think they were better than they are. (Not that they are not an improvement on the old...)
Now the good sendmail folks have at this point every reason to believe that this particular thinko is likely not limited to Linux. Hence their check which they would hope will catch other current examples, and future ones if other people mess up. If they didn't do something like this then their (already pretty bad) reputation for security would get worse as they are an obvious target for taking advantage of setuid bugs.
Cheers,
Ben