 |
(OLD) (ARCHIVED) Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info This forum can also be accessed as http://oldforum.puppylinux.com It is now read-only and serves only as archives. Please register over the NEW forum https://forum.puppylinux.com and continue your work there. Thank you.
|
FAQ
Search
Memberlist
Usergroups
Profile
Log in to check your private messages
Log in|
The time now is Tue 26 Jan 2021, 17:44 All times are UTC - 4 |
 Forum index » Off-Topic Area » Security |
|
Many Millions of Linux are affected by this security hole
|
|
View previous topic :: View next topic |
| Page 1 of 4 [57 Posts] | Goto page: 1, 2, 3, 4 Next |
| Author | Message | ||||||||
|---|---|---|---|---|---|---|---|---|---|
|
gcmartin
Joined: 14 Oct 2005 Posts: 6730 Location: Earth |
Reported yesterday. _________________ Get ACTIVE Create Circles; Do those good things which benefit people's needs! We are all related ... Its time to show that we know this! 3 Different Puppy Search Engines or use DogPile |
||||||||
|
|||||||||
 |
|||||||||
eric52
 Joined: 16 Nov 2015 Posts: 252 Location: Southbury, CT |
Thanks GCM, I'm glad I never gave in to the temptation to bank online. _________________ Today only. Anger not. Worry not. Be grateful working karma. Be kind. |
||||||||
|
|||||||||
|
|||||||||
|
Scooby
Joined: 03 Mar 2012 Posts: 601 |
I tried the reported kernel vulnerability. Took the addresses from system.map for my kernel version 4.1.6 for prepare_kernel_cred and commit_creds It took 37 min to complete
I am still not root at the end? Maybe a bit overestimated this bug? I couldn't reproduce? posted at their site about it too but seems like they deleted it? perhaps they just want publicity? Last edited by Scooby on Wed 20 Jan 2016, 15:50; edited 1 time in total |
||||||||
|
|||||||||
|
|||||||||
Ted Dog
 Joined: 13 Sep 2005 Posts: 4013 Location: Heart of Texas |
I worked at a top three security documents company and transfer programs between investment group banking and Federal Reserve.. I also do NOT do online banking. There is solid active involvement realtime to stop those problems but I only saw it at the intrabank level 
|
||||||||
|
|||||||||
|
|||||||||
|
gcmartin
Joined: 14 Oct 2005 Posts: 6730 Location: Earth |
Hello all. @Scooby, the "Security" is an Industry unto itself. Some of the recent years finds are a discovery disclosure for which there have been no known exploits. It does gather our attentions. I have often wondered if its about tooting their own horns or if intending to invite exploit attempts or to make exploiters aware of "open doors" so that they can say "I told you so". In Corporate meetings over the many years, the Security people use tactics to get financing from top management. I understand that they have a job to do and to protect. This is done in showing value to the organization in some cases. At fiscal end, their report of thwarting potential exploits allows their budgets to remain. This is NOT always the case, but, raising worldwide awareness of a bug that has no history of exploits make you wonder why it just wasn't closed without the fanfare. FYI Last edited by gcmartin on Wed 20 Jan 2016, 16:24; edited 1 time in total |
||||||||
|
|||||||||
|
|||||||||
rufwoof
 Joined: 24 Feb 2014 Posts: 3725 |
For Puppy where users run as root anyway ... users gaining access to root isn't a vulnerability ... its a feature. Therefore only if you're running servers is this a issue, otherwise just count it as anti-Linux noise. _________________ ( ͡° ͜ʖ ͡°) :wq Fatdog multi-session usb echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh |
||||||||
|
|||||||||
|
|||||||||
8Geee
 Joined: 12 May 2008 Posts: 2190 Location: N.E. USA |
It would appear that one must not be root at the start of the test. One then becomes root at the end if the bug is present. _________________ Linux user #498913 "Some people need to reimagine their thinking." "Zuckerberg: a large city inhabited by mentally challenged people." |
||||||||
|
|||||||||
|
|||||||||
greengeek
 Joined: 20 Jul 2010 Posts: 5834 Location: Republic of Novo Zelande |
Everything after that uses kernels that are well penetrated. |
||||||||
|
|||||||||
|
|||||||||
|
Daleb
Joined: 21 Jan 2016 Posts: 33 |
user jamesbond says this is a troll story http://www.murga-linux.com/puppy/viewtopic.php?p=883124#883124 |
||||||||
|
|||||||||
|
|||||||||
|
jamesbond
Joined: 26 Feb 2007 Posts: 3475 Location: The Blue Marble |
You must have something wrong on your head Bindee. I did not say that this thread is a troll story; I am saying that you --> "DALEB" <-- is a troll, another sockpuppet from the troll Bindee. Your first two posts after you registered is: a) Is Fatdog64 Contributed thread infested with RATs? b) The just released Fatdog64 702rc has a compromised kernel. Yet, you are not a Fatdog64 user nor a Puppy user. So why should you care? You, sir, is a troll. Your presence here in this forum is a disservice to all. You do not belong here. Now go back to where you came from, troll! 
_________________ Fatdog64 forum links: Latest version | Contributed packages | ISO builder |
||||||||
|
|||||||||
|
|||||||||
mavrothal
 Joined: 24 Aug 2009 Posts: 3108 |
Would be nice if people bather to look past the headlines and look a bit further.
Puppy runs as root. Puppy is NOT multi-user. Puppy (usually) is not a server. So, yes this is a kernel bug that can affect servers and multiuser machines given that someone has local access to it. If someone has local access to your puppy I do not think will require any bug exploit. Regarding Android, the user must install the malicious app (none know yet)... _________________ == Here is how to solve your Linux problems fast == |
||||||||
|
|||||||||
|
|||||||||
6502coder
 Joined: 23 Mar 2009 Posts: 682 Location: Western United States |
Much ado about not a lot, according to ZDNet: http://www.zdnet.com/article/how-to-fix-the-latest-linux-and-android-zero-day-flaw |
||||||||
|
|||||||||
|
|||||||||
|
gcmartin
Joined: 14 Oct 2005 Posts: 6730 Location: Earth |
Thanks @6502Coder. The article drives home what I shared earlier. _________________ Get ACTIVE Create Circles; Do those good things which benefit people's needs! We are all related ... Its time to show that we know this! 3 Different Puppy Search Engines or use DogPile |
||||||||
|
|||||||||
|
|||||||||
|
Scooby
Joined: 03 Mar 2012 Posts: 601 |
Okay what I gained from reading the link is that my test to elevate privileges on kernel 4.1.6 is beause SMEP or SMAP is activated. SMEP and SMAP seems to be activated by default if CPU supports it? I cannot however to find any command to check if SMEP or SMAP is activated for my booted kernel? Does anyone know? *EDIT* Saw some mention that this could verify SMEP
also to see if kernel supports SMAP
When searching for SMEP and SMAP with my cpu it seems I have neither So why does the exploit fail? . |
||||||||
|
|||||||||
|
|||||||||
|
starhawk
Joined: 22 Nov 2010 Posts: 5056 Location: Everybody knows this is nowhere... |
Well put indeed. This is FUD at best... as are most of these supposed 'exploits' or 'flaws'. Linux is about 95+% secure from this crap (assuming you don't run WINE) -- not by design, but because nobody of consequence in any position to create an exploit like that actually cares about Linux anything anywhere. It is wasted time and productivity better spent elsewhere. The few exceptions to this rule (Wikipedia has a page on them) are not really worth mentioning -- a double handful (maybe) of abortive efforts, all at least five years out of date (and I want to say more like fifteen for most). A goodly percentage aren't even in circulation anymore as I understand it. They have been completely eradicated. Viruses, worms, trojans, etc are about MONEY, just like everything else in this world. Money, and want of it, and greed over it. Think of all the fake antivirus crap that Windows users get, begging them to install backdoor-laden programs that just spew out more of the same. Look at Cryptolocker and its ilk. Not to mention that "FBI" virus that had people mail prepaid Wal*Mart cards to strange addresses. Yes, all of those actually WORKED, at least enough to satisfy their creators. There is no meaningful market for that trash here on Linux, and there never has been, because not enough people are willing to move here from The Dark Side to make it worthwhile. (Perhaps we should be thankful, particularly given the state of modern computer education...) If M$ ever goes under *and* people don't just shuffle over to That Fruit Company and get their daily dose of bloated disposable crapware from there, then we might at that point have something to talk about. In the meantime, Shakespeare said it best. "Much ado about nothing." A statement particularly true, in this case, of Puppy Linux as a whole. _________________  |
||||||||
|
|||||||||
|
|||||||||
Many Millions of Linux are affected by this security hole
| Page 1 of 4 [57 Posts] | Goto page: 1, 2, 3, 4 Next |
|
|
View previous topic :: View next topic |
|
Forum index » Off-Topic Area » Security |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group