Weakness In Linux Kernel's Binary Format 281
Goodfellas writes, "This document aims to demonstrate a design weakness found in the handling of simply linked lists used to register binary formats handled by the Linux kernel. It affects all the kernel families (2.0/2.2/2.4/2.6), allowing the insertion of infection modules in kernel space that can be used by malicious users to create infection tools, for example rootkits. Proof of concept, details, and proposed solution (in PDF form): English, Spanish.
Problem: Sometimes you want to limit root. (Score:4, Interesting)
Solution: Don't give your chroot jail access to the binfmt filesystem. I'm not sure how this can be done, though, as root is allowed to mount pretty much whatever it wants.
Real solution: Don't bother to compile in binfmt support. The only reason for the kernel to recognize any format other than elf or a.out is to call an interpreter to run that file with elf or a.out. Every shell I know of recognizes the shebang at the beginning of most scripts (perl/python/ruby/bash), and you generally launch programs through the shell. Most people will be running programs from the GUI, where this is even less of a problem -- for the most part, they'll be clicking on icons which contain a command like "perl
However, I'd like to actually read the PDF and find out if I'm right about this. Damn Slashdotting.
Not the only one today (Score:4, Interesting)
They'll fix it. (Score:5, Interesting)
And it's important to remember things like this when you see Symantec, Microsoft, and others trying to spread FUD about Linux security. If anyone cares about this bug at all, even just as a matter of keeping the code neat, it will be fixed -- but it will also drive up the numbers of "Linux exploits patched recently". Always, always, always look at the relative severity of the exploits.
Disable modules (Score:2, Interesting)
Re:Compile Options (Score:3, Interesting)
Re:This is so not serious (Score:4, Interesting)
Think about it. Average Joe will demand admin access in order to change settings and install software. So we have to choose between removing that access entirely (so there's no password for Joe to type), or praying that Joe is smart enough to realize he's giving something admin access.
Really, can you possibly think of a solution to this kind of stupidity? Hell, I could simply craft a website -- maybe a Flash page -- that looks just like the Ubuntu password prompt. That way, I don't even need local user access.
I say this solution is reasonably secure because we don't really have anything more secure. Kind of like how Democracy sucks, but it's also the best we've got.
Securing a System from "Root". . . (Score:3, Interesting)
It makes little to no sense.
Root-level "hacks" are an oxymoron. Once you're root, the skies the limit. Why bother just tinkering with kernel modules when you can just replace the whole kit-n-kaboodle?
Re:Windows NT and privilege separation (Score:2, Interesting)