Language Selection

English French German Italian Portuguese Spanish

Critical Linux vulnerability imperils users, even after “silent” fix

Filed under
Linux
Security

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.

rest here




More in Tux Machines

today's howtos

On the boundaries of GPL enforcement

Last October, the Software Freedom Conservancy (SFC) and Free Software Foundation (FSF) jointly published "The Principles of Community-Oriented GPL Enforcement". That document described what those organizations believe the goal of enforcement efforts should be and how those efforts should be carried out. Several other organizations endorsed the principles, including the netfilter project earlier this month. It was, perhaps, a bit puzzling that the project would make that endorsement at that time, but a July 19 SFC blog post sheds some light on the matter. There have been rumblings for some time about a kernel developer doing enforcement in Germany that might not be particularly "community-oriented", but public information was scarce. Based on the blog post by Bradley Kuhn and Karen Sandler, though, it would seem that Patrick McHardy, who worked on netfilter, is the kernel developer in question. McHardy has also recently been suspended from the netfilter core team pending his reply to "severe allegations" with regard to "the style of his license enforcement activities". Read more

KDE Leftovers

Android Leftovers