Puppy Linux Discussion Forum

Clever attack exploits fully-patched Linux kernel
Lobster
Official Crustacean
Posted: Mon 08 Feb 2010, 08:57    Post subject: Clever attack exploits fully-patched Linux kernel

Hi Guys
Been keeping my eyes open so our warrior worriers
have something to get their energy into.
http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/

Not sure if it is applicable
but may be of interest . . .

_________________
Puppy WIKI
prehistoric
Posted: Mon 08 Feb 2010, 09:39    Post subject: This is real, if you allow attackers to get that far.

The null-pointer de-reference vulnerability has been around for ages. The compiler optimization which removes the code which checks for this illustrates the serious problem of preserving semantics during optimization.

If you look for errors in preserving semantics, you can find them. Many optimizations could be characterized as "I hope this makes things faster without breaking anything". The surprise is not that he found such, it is the size of the class of vulnerabilities exposed.

In addition to actual problems of preserving well-defined semantics, there is the problem that many people writing code do not understand the precise semantics of the constructs they are using. This leads to another class of vulnerabilities, which might be classed as psychological. (Here's an example: if an integer is equal to its negation, it must be zero. Right?)

Linus is right in saying that no one should be surprised about attackers gaining root privileges if you let them make arbitrary kernel calls. He is off in a dreamworld if he doesn't recognize that running a LAMP installation (Linux, Apache, MySql, PHP) is a very common practice which can allow malicious programs from the web to do exactly that.

I'm convinced that a series of attacks on Puppy-related sites gained entry through PHP vulnerabilities.
abushcrafter
Posted: Mon 08 Feb 2010, 10:44

This is a disaster! Is puppy at risk?
prehistoric
Posted: Mon 08 Feb 2010, 13:42    Post subject: are you at risk?

abushcrafter wrote:
This is a disaster! Is puppy at risk?
Are you running a web server supporting PHP as root? In general, Puppy is careful not to allow remote exploits, because it expects the person operating it to be running as root.

For cases where it runs a server, there is a special, limited-privilege user named spot. The default HTML server is Hiawatha, not Apache. If you are careful to set up a default firewall before you go on-line, you should be browsing in "stealth" mode. For most purposes, a remote program can't even tell if your ports exist.

An attacker who expends the hours of highly-skilled time required to crack a Puppy system will be dismayed to learn the exploit has a very limited target population. An exploit which works on 4.3.1 probably won't work on many puplets. A straightforward economic analysis suggests he would be far better off cracking Ubuntu systems. As for Windows, consider the following.

If you think this is "a disaster" you must not know the current state of internet security. A recent study found 48% of computers already infected. In this case, there is no need to "crack" these systems, they are already cracked. (There is an underground economy on which system crackers might sell such systems to those who exploit them for perhaps 10 cents apiece. How much skilled time can you buy with 10 cents?) A study by other security researchers, using a different methodology, could probably go back and find infected systems that report missed.
abushcrafter
Posted: Mon 08 Feb 2010, 14:55

Yes, you're right, I don't know much on this stuff at all.
Sit Heel Speak
Posted: Mon 08 Feb 2010, 15:35    Post subject: The Pulse Audio / SELinux null pointer dereferencing exploit

@Lobster: thanks very much for posting this.

From the source code to Mr. Spengler's exploit.c:

Quote:
The kernel should be compiled with -fno-delete-null-pointer-checks
to remove the possibility of these kinds of vulnerabilities
turning exploitable in the future which would be impossible to spot
at the source level without this knowledge.
prehistoric
Posted: Mon 08 Feb 2010, 17:45    Post subject: getting close to Ken Thompson's idea

This problem introduced by compiler optimization brings us closer to a nightmare possibility Ken Thompson described in his Reflections on Trusting Trust. N.B. At the time he wrote this, M$ was working for IBM. The famous 1984 Apple Macintosh ad was aimed at IBM.
SirDuncan
Posted: Tue 09 Feb 2010, 11:32

I always knew pointers were evil. Sure, they act like they're your friend, building linked lists and passing variables without wasting time and space allocating new memory. As soon as your project deadline approaches, however, they start writing over some other program's memory space and getting accidentally set to NULL.
_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
tasmod
Posted: Tue 09 Feb 2010, 13:36

If you read later post details on that site you will see that this bug and the wi-fi bug have been solved in the newer kernel.
_________________
Rob
-
The moment after you press "Post" is the moment you actually see the typso
nooby
Posted: Tue 09 Feb 2010, 13:48

Which Puppies use that older kernel then? How does the newbie know about such?
_________________
I use Google Search on Puppy Forum
not an ideal solution though
Sit Heel Speak
Posted: Tue 09 Feb 2010, 15:43

tasmod wrote:
If you read later post details on that site you will see that this bug and the wi-fi bug have been solved in the newer kernel.
Well...it is solved for the particular instance in which it was found in the /devices/net/tun device setup source...but that is not to say that a similar null pointer vulnerability might not be introduced in code for some other device elsewhere in the kernel source, now and in the future.

So, if compiling the kernel with gcc, and if using the usual Puppy kernel-compile sequence of

make distclean
make clean
(or, in lieu of the above, make mrproper)
make menuconfig
make
make modules_install

...the -fno-delete-null-pointer-checks CFLAG should be invoked, by appending it to the line which sets HOSTCFLAGS in the top-level kernel Makefile--for example, in 2.6.31.6, changing the line in /usr/src/linux-2.6.31.6/Makefile from
Code:
HOSTCFLAGS  = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
to
Code:
HOSTCFLAGS  = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks

. This will prevent (knock on wood) *any* similarly-introduced null pointer problem from opening the vulnerability (heh...famous last words...)
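As an added illustration, not code from this thread or from the exploit it discusses, here is the source-level pattern that -fno-delete-null-pointer-checks exists to protect against: a pointer dereferenced before it is tested for NULL. The struct and function names below are constructed for the example and are not the kernel's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed types standing in for a device and the per-file context
 * that may or may not have a device attached (not kernel definitions). */
struct device { int flags; };
struct file_ctx { struct device *dev; };

#define ERR_NO_DEVICE (-1)   /* constructed error value: no device attached */

/* Ordering that the optimization silently breaks: the pointer is
 * dereferenced first and only then tested for NULL.  A NULL dereference
 * is undefined behaviour, so GCC at -O2 may assume dev != NULL after the
 * load and delete the check as dead code; on a NULL input the function
 * then reads through address 0 instead of returning the error value.
 * -fno-delete-null-pointer-checks keeps the check in the binary; the
 * real fix is the reordering in poll_flags_check_first(). */
int poll_flags_check_after(struct file_ctx *ctx)
{
    struct device *dev = ctx->dev;
    int flags = dev->flags;          /* dereference happens here */
    if (!dev)                        /* candidate for deletion at -O2 */
        return ERR_NO_DEVICE;
    return flags;
}

/* Safe ordering: the test precedes every dereference, so no optimization
 * level has grounds to reason the check away. */
int poll_flags_check_first(struct file_ctx *ctx)
{
    struct device *dev = ctx->dev;
    if (!dev)
        return ERR_NO_DEVICE;
    return dev->flags;
}

int main(void)
{
    struct device d = { .flags = 0x5 };
    struct file_ctx attached = { .dev = &d };
    struct file_ctx detached = { .dev = NULL };

    printf("check-first, attached: %d\n", poll_flags_check_first(&attached));
    printf("check-first, detached: %d\n", poll_flags_check_first(&detached));
    printf("check-after, attached: %d\n", poll_flags_check_after(&attached));
    /* poll_flags_check_after(&detached) is deliberately not called: once
     * the optimizer has removed the check it dereferences NULL and crashes. */
    return 0;
}
```

Two practical notes on the flag itself. In the 2.6.x build system HOSTCFLAGS only governs the helper programs compiled for the build machine (the kconfig tools and the like); the kernel objects are compiled under KBUILD_CFLAGS, so that is the variable the flag has to reach, and mainline Makefiles from shortly after this exploit carry it there already. The flag is a safety net, not a fix: the defect is the dereference-before-check ordering, which is what a code review should hunt for, and newer GCC releases (6 and later) can flag it at compile time with -Wnull-dereference.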
Kirby
Posted: Thu 04 Mar 2010, 19:36

AAAArgh
I was feeling all smug this morning because I was thinking I was mostly safe from malware and such. Last night I downloaded a small "free" piece of software on my Puppy to install on my old XP box to try and network my new ancient IBM Thinkpad running Win95 to XP. I have to do this because it's now the only way to transfer files over to it via a Direct Cable Connection. Well, lo and behold, as soon as I executed the file it installed a nasty virus on the XP box. At least it had the decency to inform me right away! LOL. I am reformatting it as I write this.

I came on here to see if there were any Puplets made just for Virus scanning and such when I saw the new thread on Rootkits in Puppy! I quickly ran to the kitchen for my colander and neatly wrapped it in tin foil to prepare for battle!

After much reading in here I guess it just comes down to playing it safe with some preparation and luck. If I had virgin hardware, plenty of software protection and never let my computer get on the net or swap files with another, perhaps I would be at very low risk. But Life is only fun when there is some risk involved so I guess it goes with the territory to some extent.

This exploit on the Kernel brings up another question for me now. Does the feature "Trim the Fat" when installing Pets also create this vulnerability as well?

PS. Would it be safer to use an IBM mainframe from the mid 60's using only a card reader to get on the net? Or would they use the Y2k Bug to "Poke Holes" in it too?

Kirby

_________________
"When you come to your cross roads, step off the road and go down the path of your own making".
~Bohemian proverb~

*edit* "When you're lost in the woods from straying from the road, Always be sure to carry a Flashlight!"
~Improved Bohemian Proverb~
Lobster
Official Crustacean
Posted: Fri 05 Mar 2010, 01:27

Quote:
I quickly ran to the kitchen for my colander and neatly wrapped it in tin foil to prepare for battle!


That's the spirit.
Puppy is at the stage where it has to consider the security aspects
and we may have to create a wiki page on custom building
a colander.

Anybody use Wardog - or is telling us a security risk?
http://greylodge.org/gpc/?cat=145

_________________
Puppy WIKI