I hope everyone is paying attention!

Story: SECURITY: Easy Rootkit Crontab Exploit Found
Total Replies: 14
jimf

Jul 19, 2006
4:02 PM EDT
This thing affects nearly all the 2.6 kernel series!
grouch

Jul 19, 2006
4:22 PM EDT
jimf:

The "This week at LWN" link has been up there for 5 days and the Debian server report was almost that long ago. Probably everyone who is affected and is likely to act, has. That compromise of the Debian server shows that just because it's a local exploit doesn't mean it's ignorable.
jimf

Jul 19, 2006
5:08 PM EDT
First, this isn't just Debian (this was a Red Hat find), and to my knowledge the 2.6.17-4 'fixed' kernel hasn't been in the repo for that long.

I'm really not that concerned about this specific exploit, but, it does cover a huge range of kernels and is pretty easy to fix. Maybe it's overkill, but, I think we need to take it seriously.
grouch

Jul 19, 2006
5:14 PM EDT
jimf:

I know it's not just Debian; didn't say it was. See the LWN link. Corbet was griping about this thing being first reported as a local denial of service hole. He said that initial report may be why distros were slow about taking it seriously.
jimf

Jul 19, 2006
5:25 PM EDT
grouch,

And this has what to do with the price of corn :).

Sorry, but I think we're on different tracks.
dcparris

Jul 19, 2006
5:32 PM EDT
> And this has what to do with the price of corn :).

Um, drives it up?
grouch

Jul 19, 2006
5:41 PM EDT
jimf:

It is exactly the vulnerability that is referenced. It was reported by rPath on 7 July, Corbet wrote his article on the 12th, pointing out that as of then only Ubuntu and Red Hat had updates available, 'gluck' was compromised on the 12th and reported here on the 13th. Now, 5 more days have passed and SecurityFocus is just now aware of the way the vulnerability is exploited?
jimf

Jul 19, 2006
5:50 PM EDT
Yes, that is important I suppose. These vulnerabilities need to be emphasised, and that's all good, but, my concern right now is to have the individual users aware of this one.

> Probably everyone who is affected and is likely to act, has.

'Probably' is the key here. The last guy I talked to thought "wasn't that a brute password attack"... He's not the only one who is misinformed.
grouch

Jul 19, 2006
5:58 PM EDT
Ah, I see.

The emphasis on the exploit itself might stand a better chance of reaching those who got the wrong idea about the vulnerability. If the attacker can get any local access, that hole lets him get root as well.
jimf

Jul 19, 2006
6:02 PM EDT
Yep, now ya got it :)
grouch

Jul 19, 2006
6:10 PM EDT
Yeahbut that dcparris guy said it drives the price of corn up. Thanks to you and your silly rootkit, the price of whiskey and gasohol just went up. Now barflies won't be able to afford to get drunk enough to pass out and will be out on the highways burning up dirtier gasoline instead of gasohol as they maim and murder other drivers. That's what's wrong with you GNU/Linux zealots -- you worry about little things like rootkits, ignoring the fact that almost everybody running MS Windows is root and rooted, while failing to see the big picture of keeping drunks too drunk to drive, or at least giving them more environmentally friendly fuel with which to careen down the interstates.
jimf

Jul 19, 2006
6:50 PM EDT
Well, that's our puritanical country's legacy, grouch. Blowing up stills, starting wars for the oil, it's a trend since Washington put down the Whiskey Rebellion. Eventually the plan is to take all human pleasures away: no sex, no booze, no smokes, driving your car, highways, or anything else they can think of as fun, 'except' if we can pay the taxes on it (which with the elimination of jobs and falling wages you can't afford), or unless you're a member of Congress. They're exempt. Expect those ('sin' taxes) to get to the point where no one will even be able to afford to run Linux.... oh, that's free?... Yeah, but corn costs real money... Besides, you can make whiskey from it... more taxes :)... Bankrupt you say???
dinotrac

Jul 19, 2006
7:07 PM EDT
I just can't help but hop on this thread to ask if anybody else saw the bit on TV about Willie Nelson's BioWillie venture?

I am not making this up...

Nelson is involved in a company that makes biodiesel fuel. I find that very cool, but find the "BioWillie" name even cooler. I have just GOT to get me a BioWillie hat.
grouch

Jul 19, 2006
7:26 PM EDT
I don't eat enough french fries to make my own biodiesel. Just in case, though:

http://journeytoforever.org/biodiesel_vehicle.html

jimf

Jul 19, 2006
8:22 PM EDT
> Willie Nelson's BioWillie venture?

Yeah dino, I saw that one.

In one way it's very innovative, but, I keep thinking that the Gov is going to decide that all those cars and trucks smelling like french fries is promoting obesity in America. Of course they'll have to tax or outright ban it accordingly.
