Security

Submission: Exploit for Linux Kernel 2.6.30+ Published (theregister.co.uk)

Lorien_the_first_one writes: "The Register reports that "A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews."

The article points out that several areas of the kernel, in particular, the function "setuid", are involved in this new exploit. "The exploit code was released Friday by Brad Spengler of grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses."

What I find interesting about the article is that although it focuses on newer versions of the kernel, near the end of the article, they offer the following food for thought: "Setuid is well-known as a chronic security hole," Rob Graham, CEO of Errata Security wrote in an email. "Torvalds is right, it's not a kernel issue, but it is a design 'flaw' that is inherited from Unix. There is no easy solution to the problem, though, so it's going to be with us for many years to come."

A chronic security hole? In Linux?"
