[Full-disclosure] Re: Linux kernel source archive vulnerable



On 9/8/06, Gerald (Jerry) Carter <jerry@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hadmut Danisch wrote:
> Hi,
>
> there's a severe vulnerability in the Linux kernel
> source code archives:

It is my understanding that the permissions are
intentionally set that way.

This hash been discussed several times over the
past year.

http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2



I skimmed them and it doesn't look like anyone has come up with a
reasonable explanation.

> The Linux kernel is distributed as tar archives
> in the form of linux-2.6.17.11.tar.bz2 from kernel.org.
> It is usually unpacked, configured and compiled
> under /usr/src. Since installing a new kernel
> requires root privileges, this is usually done as root.

The standard recommendation is to never compile
the kernel as root.



Which obviously doesn't help you when a non-root user edits the
kernel, you compile it as 'jerry' but still have to install it as
'root'. You're still hosed.

Is this an artifact of using git? There certainly is NO reason for any
kernel files to be world writable.

.cp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: Etch on USB-HD wont boot - race condition?
    ... notebook but the kernel cannot find the root filesystem. ... I had an initial problem that I think I got solved: On boot, ... Begin: Mounting root file system... ... SCSI device sda: 78140159 512-byte hdwr sectors ...
    (Debian-User)
  • Re: Flaws in recent Linux kernels
    ... Many distributions include other programs which may be ... suitable for exploiting the kernel vulnerability. ... possible to install third-party SUID root programs which may be used. ... A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now ...
    (Bugtraq)
  • Re: [PATCH] System Wide Capability Bounding Set
    ... root, you can do anything you want to a machine. ... the threat model becomes how do we prevent one guest from attacking another? ... Which root filesystem do kernel helpers run in in such a setup? ... They need to be able to run arbitrary code in ring 0 of the VM. ...
    (Linux-Kernel)
  • Re: Beige PowerMac G3/266 trouble
    ... I downloaded the minimal "netinst" install CD image from ... The kernel initially seemed to load OK, and told me that it had found the ... At this point it threw up an error saying it couldn't open the root device ... request_module: runaway loop modprobe binfmt-0000 ...
    (comp.os.linux.powerpc)
  • Re: 2.6.9-rc2-mm1
    ... Fails to boot on my Altix. ... diff between 2.6.9-rc1-mm4 and 2.6.9-rc2 indicates some kind of PCI, ... Mounted root readonly. ... -doneshowconsole: Warning: the ioctl TIOCGDEV is not known by the kernel ...
    (Linux-Kernel)