Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Exploit for Linux Kernel 2.6.30+ Published->

Submitted by
Lorien_the_first_one
Lorien_the_first_one writes "The Register reports that "A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews."

The article points out that several areas of the kernel, in particular, the function "setuid", are involved in this new exploit. "The exploit code was released Friday by Brad Spengler of grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses."

What I find interesting about the article is that although it focuses on newer versions of the kernel, near the end of the article, they offer the following food for thought: "Setuid is well-known as a chronic security hole," Rob Graham, CEO of Errata Security wrote in an email. "Torvalds is right, it's not a kernel issue, but it is a design 'flaw' that is inherited from Unix. There is no easy solution to the problem, though, so it's going to be with us for many years to come."

A chronic security hole? In Linux?"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Exploit for Linux Kernel 2.6.30+ Published

Comments Filter:

In a consumer society there are inevitably two kinds of slaves: the prisoners of addiction and the prisoners of envy.

Working...