Goddammit Linus

theregister.co.uk/2016/10/21/linux_privilege_escalation_hole/

Goddamn you and your shitty assed kernel

It has already been patched. If your distro hasn't pushed the patch yet, your distro a shit

Has Debian not patched this yet, or is it just that their packages website still hasn't updated (which actually happens very often)?

I know Arch has...

Silly me, it was in the fucking article.
security-tracker.debian.org/tracker/CVE-2016-5195

According to CVEDetails the Linux kernel has 171 known exploits during 2016.

OpenBSD kernel has 6.
Can someone tell me why the fuck I'm still using Linux?

Hardware support & other general momentum?

I wish Minix was relatively more developed with more of a 'NixOS' userland -- I'd switch in a heartbeat.

If more people use an OS, more people will look for issues with it. Though I'd like to believe the OpenBSD guys take more time to review their stuff.

How many of those can be reliably exploited or are actually severe, how many don't require user intervention, and how many of those can be exploited remotely? You aren't going to compare a DoS exploit, a mere annoyance in most systems, to a root escalation exploit, an actual security risk.

So if this is on Android does this mean a shitload of phones now have root available? Nifty.

Already updated my Fedora install. Didn't Windows have an exploit around for like 12 years?

Yes, if you can actually get inside them. That said, Android's permissions system is so tight you may achieve jack shit unless you are trying to exploit some very specific apps or directly rely on the user installing your malware on their own.

Someone on Stack Overflow compiled this on Termux and got root:
github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c

I'm gonna see if there's any way I can get this working on my KitKat device and maybe make an app that does it automatically and post it on XDA.

Oh shit, you actually believe Linux has more found exploits because it's more widely used and/or worked-on? Holy fuck. It's this red herring again. No, bra, you're wrong. Just fucking wrong. The two kernels follow pretty much opposite development models. If the BSD kernel OpenBSD uses was installed on every machine on the planet I would be very surprised if the number of found exploits rose to 171...

Tell me more.

That's cool, skip the part afterward.

What kernel version patches this?

It depends on your distro.

C FAGGOTS BTFO

I sometimes think C is designed to fuck up if you don't do it exactly right.

There is no page 2 at cvedetails:
cvedetails.com/vulnerability-list/vendor_id-97/year-2016/Openbsd.html
Gibe ling nigga

spoiler test

C was designed to be barely higher level than assembler so you can write a compiler for it easily. Preventing fuckups was not a goal of the C language; if it were, it would refuse to compile undefined behaviour.

not having a patch YET doesn't make a distro "shit".

Arch Linux doesn't seem to be vulnerable. (Patched?) (Tested on DO using a script that installs Arch on Debian)
Fedora 24 x64 crashes when I use the dirtycow-mem PoC
github.com/dirtycow/dirtycow.github.io/wiki/PoCs

...

None of the OSes we have are secure locally, this isn't a big deal. It'd have been a big deal if it was remotely exploitable or a KVM exploit.
For those of you who argued with me that LXC and Docker were usable for security, guess what? You're retarded. Hardware-level virtualization is reasonably secure and the only thing you should put any trust into.

Yes, yes it does. In the Linux world, you're either using Red Hat or Debian, or you're a clueless faggot who picked a distribution because the default desktop background looked nicer.

Namespaces and cgroups are much better than nothing. The overhead of full virtualization is not always acceptable.

Are you someone who doesn't use locks at all because they can be picked?

Gentoo has 4.4.26 and even 27 in the repos.
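A defender-side check for the "what kernel version patches this?" question above, written as an added example that is not from the thread. The only fixed release it knows is 4.4.26, taken from the Gentoo post; every other branch is reported as unknown so that you look it up in your distro's tracker (such as the Debian one linked earlier) rather than trusting a guess.

```shell
#!/bin/sh
# Added example, not from the thread: classify a running kernel version
# string against the first release of its branch carrying the CVE-2016-5195
# fix. ASSUMPTION: only 4.4.26 (from the Gentoo post) is known here; other
# branches deliberately return "unknown" instead of a made-up number.

# ver_ge A B: succeeds when dotted numeric version A >= B, field by field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" = "$a" ] && a='' || a=${a#*.}    # consume one field of A
        [ "$y" = "$b" ] && b='' || b=${b#*.}    # consume one field of B
        x=${x:-0}; y=${y:-0}                    # missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# dirtycow_status VERSION: prints patched, vulnerable or unknown.
# VERSION is what `uname -r` prints, e.g. "4.4.26-gentoo".
dirtycow_status() {
    base=${1%%-*}               # drop distro suffix: "4.4.26-gentoo" -> "4.4.26"
    branch=${base%.*}           # stable branch: "4.4.26" -> "4.4"
    case "$branch" in
        4.4) fixed=4.4.26 ;;    # first 4.4.y release with the fix (from the thread)
        *)   echo unknown; return 0 ;;
    esac
    if ver_ge "$base" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Check the live system when run directly.
dirtycow_status "$(uname -r)"
```

Distribution kernels (Debian's 3.16.x, for instance) often backport the fix without bumping the upstream version, so treat "vulnerable" or "unknown" as a prompt to check the distro advisory, not as a verdict.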

debian masterrace

Yes it does. The patches were released 2 days ago. If your distro hasn't pushed them yet, your distro a shit.

lwn.net/Articles/704078/

The exploits for my version exist only on Android, though I know there is a DoS attack for it too.

C was ok in the old days (early 90's and prior), before all this security nightmare shit.
But even if you switch language now, you'll still be running on botnet hardware, so exploits will probably just become more intricate. I think you have to fix both, or else you'll just be pretending to be secure and waste lots of time. Then again, maybe that's the whole idea behind this security theatre shit? There's a lot of people out there making big bucks from this shit.

All it takes is one web browser exploit to gain local access, so it is kind of a big deal. It's not like web browsers have been getting leaner, meaner and more secure. Instead they get more bloated and slower, and the "solution" is to pile on lots of scripts on top of this house of cards.

what the fuck

Linux has 171 thousand drivers.
OpenBSD has 6.

Unfortunately, the other *nix options aren't that good when it comes to security either. spender has been lambasting them for years as well, especially OpenBSD, which prides itself about security and tries to make people believe it's so great, but isn't...

Let's just look at ASLR. It was invented by the PaX Team in 2001. ASLR broke a number of direct exploits based on predictable memory addresses. Even nowadays, it still raises the cost for attackers, who have to use infoleaks to get around it, so I'd say it's still an effective component of defense in depth. PaX has a plugin for sanitizing the kernel stack, as well as better allocated / freed memory sanitization, thereby removing a whole class of infoleaks, BTW.

* Linux grew PIE support in 2003 and other ASLR aspects in 2005. Even KASLR in 2014, but that barely provides any security in return for its complexity, as predicted by PaXTeam and spender from the get go, and as shown by the many KASLR bypasses of the past two years;
* OpenBSD implemented some ASLR features in 2003, but didn't implement PIE until 2008;
* NetBSD didn't enable ASLR by default until 2016 (!);
* FreeBSD still doesn't have ASLR because some of its maintainers refuse it because "it's not really effective". The HardenedBSD derivative has it, for good reason, though;
* for completeness: Solaris recently grew ASLR support, but it wasn't there in the discontinued OpenSolaris, and AFAICT, its derivatives don't have it;
* MacOS X (and iOS) got ASLR after Linux did.

In 2016, OpenBSD was trounced by kernel fuzzers, just like Linux, finding easy DoS and LPE.

OpenBSD reinvents a subset of PaX/grsecurity's wheels in NIH mode: look at what the PaX Team and spender wrote and said about W^X.

That's a lot of masturbation, my primate friend. You are what, 13 years old?

WTF I hate Linux now.

So how many of these exploits do you think affects GNU/Windows NT over GNU/Linux? :^)

local privilege escalation bug? eh

I worry more about web browser bugs, I just assume any remote code execution = root

You mean on the lines of Return Oriented Programming (ROPs)?
They're useful for hacking game consoles like the 3DS

Not an argument

QEMU/KVM and Xen had some of the worst vulnerabilities ever discovered this year.

None, because on Windows NT they are called security features.

Windows 95 is more secure than Linux, because none of the Win95 viruses are in circulation anymore.

You really don't need to care about this; blocking JavaScript and being careful with your net connection is the best possible protection.

If you're dependent on something for a business you should get good and write your own stuff.

I know you're joshing us, bro. But Windows 95 was never designed to be a truly networked multiuser OS. What I mean is: the login screen, for example, is purely superficial, because the system was designed for consumers of 1995 who barely used the internet. Everyone in networking at this time used Windows NT or UNIX System V. It's not truly secure in any way.

Sure it is. You spend all this time validating flawed x86 architecture with some stupid hacks. This isn't fixing anything, it's just a security theatre.

...

The real problem is C. Until we move away from C, all software will have exploits like this.

Lienux shills BTFO, but windows sucks.

Big fat hole for years, stay salty Holla Forums

Everyone who cares about computer security should read this.
hack.org/mc/texts/classic-multics.pdf

NT has to have some kind of way of escalating privileges doesn't it?

Yeah, just replace sticky keys with command line

I've already spilled a few gallons of semen to Tifa you son of a bitch

Virgin spotted, you should try the real thing, get a hooker if you don't have any game.

You can't compare the development because one has far more activity than the other. OpenBSD is intentionally slow, which translates to having fewer features and fewer drivers. Linux supports far more architectures and hardware devices than OpenBSD. By this fact alone, it's sensible to understand why the kernel that supports a much wider scope of functions will find more countable bugs.

Is this a markov bot?

...

Anyone know how to exploit this bug to gain root access on Android devices?

Arinerron over at GitHub has created a simple root.sh script

1. Get to a PC that runs on a Linux OS and has the Android NDK installed.
2. Download and unzip the root.zip file from the download link above. You'll get a root.sh file.
3. Enable Developer options and USB debugging on your Android device.
4. Connect your device to the Linux PC.
5. Run the root.sh script file on the PC and it'll install a 'run-as' binary on the device which you can use to execute packages with root access.

Is this the one which makes you root in a locked-down SELinux context? That's kinda useless since you can't write to any useful files.