severity 524373 wishlist thanks On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote: > package: linux-2.6 > severity: grave > tags: security > > as seen in recent articles and discussions, the linux kernel is > currently vulnerable to rootkit attacks via the /dev/mem device. one > article [1] mentions that there is an existing patch for the problem, > but does not link to it. perhaps this fix can be found in the kernel > mailing lists.
This isn't a hole - it just describes a proof of concept of an already-known way to hide yourself once you've already gained escalated privileges on a system. The "fix" referred to is presumably the CONFIG_STRICT_DEVMEM option (formally CONFIG_NONPROMISC_DEVMEM). This option is included, but not enabled, in the Debian 5.0.0 kernel. It is unlikely to get enabled within a stable release because it will be disabling an interface that existing applications may rely upon (the crash application is one I can think of, off the top of my head). However, this option is enabled in the 2.6.29 kernel available in sid. -- dann frazier -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org