Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'

A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege …

  1. Prst. V.Jeltz Silver badge
    Trollface

    Let the games begin...

    I look forward to intelligent discourse re the pros and cons of one OS over another now....

    1. Anonymous Coward
      Anonymous Coward

      Re: Let the games begin...

      I'm not worried, I run Amiga OS on all my servers.

      1. Alan W. Rateliff, II
        Pint

        Re: Let the games begin...

        BSD on an Amiga 2000 with Blizzard 2060 FTW :)

        (Or the native Apache and PHP builds from Aminet. Whichever.)

        1. Anonymous Coward
          Anonymous Coward

          Re: Let the games begin...

          PHP = instant security fail.

    2. CAPS LOCK

      "I look forward to intelligent discourse re..."

      Yes indeed, and also Carter advising how this problem occurred...

    3. jonnycando

      Re: Let the games begin...

      I'll stick with Linux. Rest of you go to windoze!

  2. wheelybird

    Yeah but

    who needs to exploit kernel-based vulnerabilities these days? Just exploit systemd vulnerabilities instead! :D

    1. ElReg!comments!Pierre

      Re: Yeah but

      And for the "reboot" part as well, since patching systemd would also require a reboot. systemd, bringing Linux to the Windows ME security level!

    2. Adam 1

      Re: Yeah but

      Not so fast. Shirley if you run systemd, you get the additional protection of its built-in ASLR and antivirus packages.

      1. Graham Dawson Silver badge

        Re: Yeah but

        I misread that as ASMR.

        Though, if I'm honest, I wouldn't be surprised if systemd had a "module" that whispered gently in your ear to send you to sleep at night.

  3. Anonymous Coward
    Anonymous Coward

    "An unprivileged local user"

    local user -> game over

    1. Anonymous Coward
      Anonymous Coward

      Re: "An unprivileged local user"

      I'm not so sure, if the drive's encrypted so the user is confined to fighting from within the OS, you could maybe lock it down enough to stop them breaking it.

      If the drive's not encrypted, boot from something else = pwnd

    2. DJ Smiley

      Re: "An unprivileged local user"

      They don't mean physically local, I believe; you can pull this off just as easily on a VPS.

      Just a non-privileged user.

      1. Naselus

        Re: "An unprivileged local user"

        "They don't mean physically local I believe"

        From the article:

        "The vulnerability is nasty but it'd be a whole lot worse if it were to lend itself to being remotely triggered, like ShellShock and its ilk. This flaw does not fall into that category, fortunately."

        That suggests a physically present attacker. I guess someone on a RAT or something might be able to make use of it as well, though tbh if someone has a RAT on your machine already then he might as well be in the room with you anyway.

        1. Benchops

          Re: "An unprivileged local user"

          I'm fairly sure a local user is just someone with a user account on the machine. It doesn't matter where they are. "remotely triggered" means triggered remotely by anyone with a network route to the machine over some network protocol (e.g. HTTP or FTP) with or without a user account on the machine.

          1. Anonymous Coward
            Anonymous Coward

            Re: "An unprivileged local user"

            If I read this correctly you need a user account on the machine. Which means it should be fairly difficult for some unknown person to get in... unless they're exploiting another problem or lax area of security.

            Then, if I read this correctly, they need to have access to a SUID script... something most people don't allow. Only then can they trigger this "exploit", so I don't think it's exactly an "open goal" .... unless I've misunderstood.

            Having said that I'll make sure I'm patched :-)

        2. Anonymous Coward
          Anonymous Coward

          Re: "An unprivileged local user"

          Clearly a lower class Brit would only count as an "Unprivileged Local User" if the computer were in Britain. A middle-class Australian sitting directly in front of the machine would - of course - not pose a security risk.

    3. streaky

      Re: "An unprivileged local user"

      local user -> game over

      Not in theory (well, away from Windows anyway) - although throwing SUID into the mix...

  4. Anonymous Coward
    Anonymous Coward

    Please...

    ...the next time a Linux fanboy pops up and moans that Windows needs a reboot after patching, can we smack this article around their head.

    Yes, it may need it more (often it doesn't these days), but some fanboys insist Linux NEVER needs to be.

    No one on here of course.

    1. wheelybird

      Re: Please...

      There are several services that allow you to patch a running kernel. I use KernelCare myself and that's patched all the known vulnerabilities on systems that have been running for over a year.

      I believe Ubuntu and other vendors provide similar services.

    2. fandom

      Re: Please...

      So, you like company in your misery.

      Well, if it makes you feel better.

    3. Anonymous Coward
      Anonymous Coward

      Re: Please...

      >Please......the next time a Linux fanboy pops up and moans that Windows needs a reboot

      That's reboot singular; the last W10 update I had required 2, and 25 mins of thumb twiddling. Defending W10 update is like trying to defend Ted Bundy, give up, he's going to the chair.

    4. Anonymous Coward
      Anonymous Coward

      Re: Please...

      I know, right? Another day, another Linux exploit...

    5. Richard Plinston

      Re: Please...

      > and moans that Windows needs a reboot after patching,

      While Windows does need a reboot after an update that replaces or patches the kernel, it also needs a reboot because Windows cannot delete or replace a file that is open, due to the way the file system is designed. As many library files are open on a running system, it almost always needs a reboot so that files can be deleted and replaced during start up and before they are opened.

      Unix-like systems using an inode file system can delete and replace files that are open because the file name is not directly linked to the data blocks but is done through the inode. An open file can continue to use the original inode while the update creates a new inode with its own set of data blocks and the file name is linked to the new inode. The old inode and its data is deleted when all processes have closed the old inode.

      This means that the vast majority of updates do not require a reboot. Some systems will do in-flight kernel patching that also does not require a reboot.
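      The inode behaviour described in the comment above, as an added example that is not part of the thread: a POSIX shell script that holds a file open, replaces it the way a package manager does (write a new file, then rename it over the old name), and contrasts that with truncating the existing file in place. The directory, file name and contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Simulates an update replacing a library
# while another "process" (fd 3 in this shell) has it open. Two strategies:
#   replace_while_open: write a new file, then rename it over the old name
#                       (the approach the comment describes)
#   overwrite_in_place: truncate and rewrite the existing file
# All file names and contents are constructed test data.
set -eu

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# Both functions print: "<data seen by the open fd> <data seen via the name> <inode changed?>"
replace_while_open() {
    dir=$(mktemp -d)
    printf 'old\n' > "$dir/libfoo.so"
    old_inode=$(inode_of "$dir/libfoo.so")

    exec 3< "$dir/libfoo.so"                     # a running process holds the old inode open

    printf 'new\n' > "$dir/libfoo.so.tmp"        # the update writes a brand-new inode ...
    mv -f "$dir/libfoo.so.tmp" "$dir/libfoo.so"  # ... and relinks the name to it (rename is atomic)
    new_inode=$(inode_of "$dir/libfoo.so")

    read -r via_fd <&3                           # the open fd still reads the old inode's blocks
    exec 3<&-                                    # last close: the old inode's blocks are freed now
    via_name=$(cat "$dir/libfoo.so")             # a fresh open by name gets the new inode
    rm -rf "$dir"

    if [ "$old_inode" != "$new_inode" ]; then changed=yes; else changed=no; fi
    printf '%s %s %s\n' "$via_fd" "$via_name" "$changed"
}

overwrite_in_place() {
    dir=$(mktemp -d)
    printf 'old\n' > "$dir/libfoo.so"
    old_inode=$(inode_of "$dir/libfoo.so")

    exec 3< "$dir/libfoo.so"

    printf 'new\n' > "$dir/libfoo.so"            # same inode; data rewritten underneath the reader
    new_inode=$(inode_of "$dir/libfoo.so")

    read -r via_fd <&3                           # reader sees the new bytes (or a torn mix mid-write);
    exec 3<&-                                    # doing this to a mapped library corrupts the program,
    via_name=$(cat "$dir/libfoo.so")             # which is why package updates rename instead
    rm -rf "$dir"

    if [ "$old_inode" != "$new_inode" ]; then changed=yes; else changed=no; fi
    printf '%s %s %s\n' "$via_fd" "$via_name" "$changed"
}

printf 'rename-over: %s\n' "$(replace_while_open)"   # old new yes
printf 'in-place:    %s\n' "$(overwrite_in_place)"   # new new no
```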

    6. Unicornpiss
      Meh

      Re: Please...

      <sigh> The difference is that it seems like *every* Windows patch session requires a laborious install, then a reboot, then another laborious bootup while it's "Getting things ready." or whatever it's doing, as it certainly doesn't share that information with you, then perhaps yet another reboot if the Windows kernel is being replaced.

      At least with Linux, 95% of the updates are speedy, verbose if you want them to be, and do not require a reboot. My only complaint with Linux kernel updates is that after the reboot you often have to struggle with your graphics drivers no longer working, at least if you use a proprietary driver and not the underachieving ones included with Linux. But IMHO, the overall pain is far less than what MS gives you.

      1. Fatman
        Linux

        Re: But IMHO, the overall pain is far less than what MS gives you.

        Ah, yes, that irritating

        Configuring Windows Updates, do not turn off your computer

        time sink of 5 or more minutes

        reboot

        Configuring Windows Updates

        time sink of 5 or more minutes

        desktop shows up, circle of death spinning as Windows tries to 'get its act together'

        click on a shortcut to a program, circle of death starts spinning, nothing happens

        click again, another circle of death, and finally, two instances of the program appear

        Boss screaming about me fucking off, but I can't do shit until Windows gets its act together

        And, people wonder why I personally abandoned Windows more than 10 years ago? Until I retired, I still had to contend with that piece of shit O/S at work.

  5. Will Godfrey Silver badge
    Happy

    Patched

    Now, next question?

  6. billium
    Linux

    re-booting

    @Lost

    Most Linux users have used Windows, or are familiar with it.

    We all have seen "Windows needs to be re-started ... "

    As a MS fanboy you may claim Windows is the best at everything, but not this. :)

  7. jake Silver badge

    I knew I should have ...

    ... stuck with a.out

    Now GET COFF MY LAWN!

  8. cjcox

    Easy solution

    I run MSDOS, there hasn't been any major (or minor) security patches released for years!

    1. CrazyOldCatMan Silver badge

      Re: Easy solution

      I run MSDOS, there hasn't been any major (or minor) security patches released for years!

      Here - can you just check this floppy disk for me please? I want to check that the FORM virus is still on it...

  9. Daniel von Asmuth
    Linux

    Is that recipe Open Sauce?

    The article was accompanied by a photograph from an unknown source, showing what looks like little tuxes, or maybe just black olives without kernels.

    1. Hans 1

      Re: Is that recipe Open Sauce?

      Made of olives (with pips removed), carrots, goat's cheese.

      Recipe:

      1. Peel carrots, cut them in discs, cut out a segment to be used as a beak.

      2. Cut half the olives side-ways, stuff with goat's cheese.

      3. Place the beaks in the other half of the olives, using the opening created when the pip was removed.

      4. Place carrot discs, goat-cheese-stuffed olives, carrot-stuffed olives above one another and use a toothpick to attach.

      5. Serve with a St Emilion Grand Cru [Classé]

      Exactly what I will bring to work next time the guyz from Accenture show their backsides 'round 'ere ...

  10. whitepines
    Boffin

    Apparently there is a workaround for high uptime systems:

    sysctl -w vm.legacy_va_layout=1

    No need for emergency patch / reboot; this stops the attack cold until you can reboot in a more scheduled manner.

    From https://access.redhat.com/security/cve/cve-2017-1000253

  11. John Smith 19 Gold badge
    Coat

    Fortunately only superior *nix coders can cause this sort of mayhem.

    A sort of ELF Lord as it were.

    1. CrazyOldCatMan Silver badge

      Re: Fortunately only superior *nix coders can cause this sort of mayhem.

      A sort of ELF Lord as it were.

      I'm sure that they can ork out all the issues. After all, they are dwarfed by the massive advantages.

  12. Adam 52 Silver badge

    "Just run your usual package management tools to install the patched kernels and reboot."

    I guess some, maybe even most, can make this work. But for me this will involve desperately trying to create more space on /boot (not my decision to make it tiny, it's what the installer did by default, although in fairness to the installer vmlinux and friends are a lot bigger now than they were when it was written).

    Then it'll involve messing around in an 800x600 window trying to figure out what spell it takes to make the graphics work at proper resolution. I have to do this for every new kernel yet somehow can never remember what variables and symlinks need to be in place to get the driver to rebuild.

    1. John H Woods Silver badge

      /boot too small

      Just live boot from a distro that understands your FS and re-partition.

    2. DropBear

      An 800x600 window? Luxury! My mythtv box has the same res (hey, analog TV-out...), but I have to additionally remember NOT to switch off the machine when it hangs at every kernel update, because after 40 (yes, FORTY) minutes it will actually realize I have no FDD, then un-hang itself and proceed booting, and that's the only way it will ever boot again...

  13. Anonymous Coward
    Facepalm

    Poor show

    FAO Linus, go in shame and take your shareware OS with you!

    1. EnviableOne
      Thumb Up

      Re: Poor show

      Linus has been blasting kernel devs for poor coding for years, he obv just missed one.

      BTW, in the cloudy world, why reboot? Just spin up a new server with the updated kernel, tear down the vulnerable one...

    2. CAPS LOCK

      J J Carter in new comment shocker...

      Not much of an improvement in troll value however. 2/10 Must try harder.

      1. Fatman
        WTF?

        Re: J J Carter in new comment shocker...

        Perhaps JJ Carter is the present day Loverock Davidson???

  14. Adam 1

    requires reboot

    ... Ok, someone's taking "year of Linux on the desktop" too literally.

  15. Anonymous Coward
    Anonymous Coward

    "kinda" is not a real word.

    It's "_an_ SUID ..."

    1. jake Silver badge

      That's OK.

      ACs are not real commentards.

  16. Anonymous Coward
    Anonymous Coward

    Dear fanboys of any OS

    You do nobody any favours by touting one over the other. Blind devotion to one OS over another is pointless; they are tools. By all means have a favourite, but choose the tool for the job and always keep your eye on competitors.

    Many of us will favour Linux, others Windows, but one thing I think we can all agree on is that they both need work and neither is perfect.

    1. kryptylomese

      Re: Dear fanboys of any OS

      What a pointless and vapid comment!

      You do do favours by touting one over the other and the obvious one to tout is Linux. Other readers may start to understand why people care about the differences if they are identified and detailed!

      1. wallaby

        Re: Dear fanboys of any OS

        "What a pointless and vapid comment!

        You do do favours by touting one over the other and the obvious one to tout is Linux. Other readers may start to understand why people care about the differences if they are identified and detailed!"

        What a pointless and vapid comment - just what I'd expect from a blinkered penguinista.

        Each has their place, and until the penguins (SOME - NOT ALL) start acting like grown ups it will never see the light of day as the year of Linux on the desktop.

        Fully expect advanced muppetry in reply.

        1. cbars Bronze badge

          Re: Dear fanboys of any OS

          No Kermit vuln would be exploited by anyone other than an Animal! Just keep a Sam Eagle eye out and hold out your patch Beaker before Crazy Harry takes it to Penguins.

          If Windows is Gonzo win the OS war then I for one will jump off Clifford. Bobo Bear with me for a second, I can hear Miss Piggy automating some virtual machines now with the Swedish Chef - ha, what about Puppet?

          Flame wars, keep away from the non fire retardant entertainment systems, Statler and Waldorf would laugh at such a pointless and vapid argument

        2. kryptylomese

          Re: Dear fanboys of any OS

          You totally missed the rest of the post i.e. "Other readers may start to understand why people care about the differences if they are identified and detailed!"

          Can't you make your point without name calling "penguinista"?

          Just about everybody that I know on a professional level uses Linux as their desktop - you are most likely a Windows gamer who is unaware that you can play an awful lot of games on Linux too.

          Linux is the most common operating system in the world, whereas Windows is:

          Windows phone LOL - no need to comment

          Windows on super computers - has not been in the top 500 for many years now (it is all Linux)

          Windows Servers - LOL - crap on resource use, non-performant, expensive, proprietary - EOL

          Windows 10 - Not bad for games as long as you don't mind MS slurping everything you do

          1. wallaby

            Re: Dear fanboys of any OS

            Actually I've never played a game on my PC since minesweeper in the early days - so in your jump to conclusion you missed and face planted. I've been working with PCs since 82/83 and have worked with every version of MS products and half a dozen flavours or so of Linux both at work and at home.

            My comment (as always) isn't about Linux. I actually like the OS and do use it both at home and work. My gripe is with SOME of the Linux community. I have never asked a question in a Linux forum without some Penguinista (and here's where I stick the moniker) going off on one. My job is to make our systems work together; when I wanted to put a W95 VM on a Linux box the amount of abuse I got was amazing. When I ask questions that some consider beneath them they rant off rather than helping or ignoring. In addition to that, the likes of some on here (one in particular who shall remain nameless), every time Microsoft or Windows is mentioned in an article - regardless of whether Linux is or not - all you get is M$, SLURP, MICRO-SHAFT or some other written diarrhoea - it's soooooooooooo tedious.

            Regardless of what others think - it will NOT be taken seriously as a desktop replacement if someone in a small office somewhere asks a simple question and gets the likes of SOME in the Linux community answering them. Whilst Microsoft is far from perfect, on the whole if you ask a question about Windows, you tend (once you have got past the "it must be a virus" mob) to get what could constitute an answer. Most of the people I know in the business have some form or another of Linux system hanging around somewhere. Most of those I have spoken to would not deploy it in a professional environment, especially those in a larger company, and indeed one government department I worked extensively for wouldn't even allow a Linux box to be connected to the network (and that ruling was made by someone who has been an ardent Linux user since it first came out).

            The biggest bar to Linux in a professional environment is SOME of the Linux community (the Penguinistas). People choose Microsoft - they should just get over it and stop acting like a 4 year old.

            Each has their place.

  17. Anonymous Coward
    Anonymous Coward

    This has been known about for 2 years, it's just been reclassified.

    1. Steve Graham

      And, indeed, fixed in kernels more recent than two years. The issue applies to distros which have an older base kernel (for continuity/stability reasons, presumably).

  18. Hans 1

    Elf Binary ?

    Boahhh, I have a level 50 Paladin on the watch, nothing to fear here ...

    BTW, already patched ;-)
