Announcement

Collapse
No announcement yet.

Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • kraftman
    replied
    Originally posted by Luke_Wolf View Post
    Actually doing that is a rather interesting way to do a microkernel and there's this project http://www.mosa-project.org/ and Microsoft Midori doing a managed microkernel in C#. I'll definitely be interested to see if either of those actually goes anywhere.
    So, they use shit to make even worse and slower shit than winblows is?

    Leave a comment:

  • kraftman
    replied
    Originally posted by Cthulhux View Post
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
    And it is. It's far more secure than proprietary crap.

    Leave a comment:

  • nightmarex
    replied
    Originally posted by haplo602 View Post
    heh, just upgraded 3.2.12 to 3.7.9 ... oh well ... will have to look at gentoo updates/news
    Jeez was this a server or something, that's a good leap there!

    Leave a comment:

  • peppercats
    replied
    Originally posted by Cthulhux View Post
    Well, how do they say? "Open source is more secure because more people can see what's going on". Hahaha. Great.
    I wonder how many security flaws were identified in Windows(privately or openly) in the last year compared to Linux/BSD.
    Somehow, I think this is in the opensource's favor.

    Leave a comment:

  • haplo602
    replied
    heh, just upgraded 3.2.12 to 3.7.9 ... oh well ... will have to look at gentoo updates/news

    Leave a comment:

  • dee.
    replied
    Originally posted by wargames View Post
    A CIA agent for sure. Linus should really investigate kernel contributors before letting them submit code, because who knows how many CIA agents and/or M$ employees are willing to introduce backdoors in Linux ?
    Why don't you go then and carefully review each commit this CIA agent has submitted, there's bound to be more exploits if your hypothesis is true... really, you'd be doing us all a huge favour, we'd probably build you a statue or something.

    Leave a comment:

  • Ibidem
    replied
    Originally posted by Ibidem View Post
    1: If you're on Debian Wheezy or Ubuntu 12.04, you're still affected.
    The commit introducing this is actually from just before 3.2.
    2: The patch was committed by a Red Hat employee, but was written by a Parallels employee.
    Code:
    sock_diag: Initial skeleton
author	Pavel Emelyanov <[email protected]>	
	Tue, 6 Dec 2011 07:58:03 +0000 (07:58 +0000)
committer	David S. Miller <[email protected]>	
	Tue, 6 Dec 2011 18:58:01 +0000 (13:58 -0500)
commit	d366477a52f1df29fa066ffb18e4e6101ee2ad04
tree	267a65f626108423f73ef6dc0040b3b3171f7b45	tree | snapshot
parent	f13c95f0e255e6d21762259875295cc212e6bc32	commit | diff
    Now I'm off to build a new kernel for my Squeeze system*.
    1 is incorrect: it dates to a month before 3.2, but was committed to net-next rather than Torvald's tree.


    *I don't run straight Squeeze: I use an upstream LTS kernel, currently 3.4, plus several backports and built-from-git packages.

    Leave a comment:

  • finalzone
    replied
    A nasty local kernel vulnerability [LWN.net]
    http://lwn.net/Articles/539885/


    Apparently, with SELinux enabled on Fedora 18, the exploit code failed to run.

    Leave a comment:

  • wargames
    replied
    Originally posted by JS987 View Post
    David S. Miller is Red Hat employee
    http://en.wikipedia.org/wiki/David_S._Miller
    A CIA agent for sure. Linus should really investigate kernel contributors before letting them submit code, because who knows how many CIA agents and/or M$ employees are willing to introduce backdoors in Linux ?

    Leave a comment:

  • Ibidem
    replied
    1: If you're on Debian Wheezy or Ubuntu 12.04, you're still affected.
    The commit introducing this is actually from just before 3.2.
    2: The patch was committed by a Red Hat employee, but was written by a Parallels employee.
    Code:
    sock_diag: Initial skeleton
author	Pavel Emelyanov <[email protected]>	
	Tue, 6 Dec 2011 07:58:03 +0000 (07:58 +0000)
committer	David S. Miller <[email protected]>	
	Tue, 6 Dec 2011 18:58:01 +0000 (13:58 -0500)
commit	d366477a52f1df29fa066ffb18e4e6101ee2ad04
tree	267a65f626108423f73ef6dc0040b3b3171f7b45	tree | snapshot
parent	f13c95f0e255e6d21762259875295cc212e6bc32	commit | diff
    Now I'm off to build a new kernel for my Squeeze system.

    Leave a comment:

Previous 1 2 3 4 5 template Next
Working...
X