Stack Clash flaws blow local root holes in loads of top Linux programs

Powerful programs run daily by users of Linux and other flavors of Unix are riddled with holes that can be exploited by logged-in miscreants to gain root privileges, researchers at Qualys have warned. Essentially, it's possible to pull off a "Stack Clash" attack in various tools and applications to hijack the whole system, a …

  1. Anonymous Coward

    User friendly solution

    From the article: "The fix, by the way, is to rebuild and reinstall the dynamic library ld.so and executables with gcc's -fstack-check feature"

    Again, this is why flavours of Linux have difficulty being accepted in the mainstream for use by Joe Public

    / Rejects asbestos jacket for shield of truth

    1. TonyJ

      Re: User friendly solution

      "...From the article: "The fix, by the way, is to rebuild and reinstall the dynamic library ld.so and executables with gcc's -fstack-check feature"

      Again, this is why flavours of Linux have difficulty being accepted in the mainstream for use by Joe Public

      / Rejects asbestos jacket for shield of truth..."

      No, I don't think it is.

      That's the immediate fix and it will undoubtedly be rolled out as a mainstream fix at some point down the line and is only the same as MS releasing patches before patch Tuesday - it tends to be IT pros that go looking for them, not your average user.

      The two things, in my personal opinion, that have held Linux back from the desktop have been the fact that your average Jill or Joe user goes to their local PC World, and buys whatever is off the shelf that slimy salesperson with no real knowledge sells them. That'll come with a copy of Windows.

      And...they are happy because that's what they use at work.

      Secondly, there's been a traditionally contemptuous barrier to entry on some of the more mainstream Linux forums, such that when they hear about it and decide to give it a go, they get shot down in flames.

      Now I don't know if the latter is still true today, to be honest as I've had no reason to frequent any forums for some time.

    2. Brewster's Angle Grinder Silver badge

      Re: User friendly solution

      Not a Linux zealot, but would you trust the people who put it on their desktop or the people who put it on servers (and build it in mobile phones) to have a better grasp of security?

  2. Herby

    sudont

    Enough said.

    If you need root access for some reason, you should know the root password and use su. If you don't know how then who are you anyway, and get off. Sudo is a pretty big crutch, and is used WAY too frequently. Sadly I have to use it as well, but that is a topic for another rant.

    1. englishr

      Re: sudont

      @Herby

      My most common sudo use case is to allow users to become another non-root user in a logged shell, e.g.

      %dba ALL=/usr/bin/rootsh -i -u oracle

      So, the DBAs can become the oracle user, but the session is logged. If you have a better way to achieve this, I'd appreciate hearing about it.

  3. Ramazan

    no info on whether their proof-of-concept works on grsec systems

  4. David Roberts

    So,

    sudo su - is a bad thing?

    Oops!

  5. Bronek Kozicki

    Update for 24th June

    Kernels 4.11.7 and 4.9.34 (and soon 4.12) gained some level of protection, thanks to a change from Hugh Dickins, "mm: larger stack guard gap, between vmas". As explained by the author, this is how it works:

    Make those attacks less probable by increasing the stack guard gap to 1MB (on systems with 4k pages; but make it depend on the page size because systems with larger base pages might cap stack allocations in the PAGE_SIZE units) which should cover larger alloca() and VLA stack allocations. It is obviously not a full fix because the problem is somehow inherent, but it should reduce attack space a lot.

    One could argue that the gap size should be configurable from userspace, but that can be done later when somebody finds that the new 1MB is wrong for some special case applications. For now, add a kernel command line option (stack_guard_gap) to specify the stack gap size (in page units).
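
The guard gap described in the comment above can be compared with what a process's memory map shows. This is an added example, not code from the thread or from the kernel patch: it measures the distance between `[stack]` and the mapping below it in `/proc/<pid>/maps` text and prints it beside the gap size. The 256-page figure is derived from the quoted "1MB on systems with 4k pages"; the function names and the sample map are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
typedef unsigned long long u64;

/* Constructed sample, not from a real process: a mapping ends 64 KiB below [stack]. */
static const char SAMPLE_MAPS[] =
    "7ffff7dd0000-7ffff7df0000 rw-p 00000000 00:00 0\n"
    "7ffff7e00000-7ffff7e21000 rw-p 00000000 00:00 0 [stack]\n";

/* stack_guard_gap is given in pages, so the byte size scales with the page size. */
u64 guard_gap_bytes(u64 pages, u64 page_size) { return pages * page_size; }

/* Walk /proc/<pid>/maps text and store the distance between the start of [stack]
 * and the end of the mapping below it. Returns 0 on success, -1 if not found. */
int gap_below_stack(const char *maps, u64 *gap) {
    u64 start, end, prev_end = 0;   /* prev_end == 0 means "no mapping seen yet" */
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t full = eol ? (size_t)(eol - maps) : strlen(maps);
        size_t len = full < 511 ? full : 511;   /* copy at most one buffer's worth */
        char line[512];
        memcpy(line, maps, len);
        line[len] = '\0';
        if (sscanf(line, "%llx-%llx", &start, &end) == 2) {
            if (strstr(line, "[stack]")) {
                if (!prev_end) return -1;
                *gap = start - prev_end;
                return 0;
            }
            prev_end = end;
        }
        maps += full + (eol ? 1 : 0);           /* always skip the whole line */
    }
    return -1;
}

int main(void) {
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    u64 gap = 0, need = guard_gap_bytes(256, (u64)sysconf(_SC_PAGESIZE));
    const char *src = n ? buf : SAMPLE_MAPS;    /* fall back to the sample off Linux */
    if (gap_below_stack(src, &gap)) return 1;
    printf("below stack: %llu KiB, guard gap: %llu KiB\n", gap / 1024, need / 1024);
    return 0;
}
```

A distance larger than the guard gap only describes that process at that moment; it does not show whether the running kernel carries the change.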
