Exploit in 2.6 kernels
Please CC any reply to jmc AT xisl.com as I'm not subscribed - thanks

We had 5 machines broken into last night, all but one with kernel 2.6.8, and found a binary "krad-no-longer-private.c" had been downloaded.

It contains the string:

k-rad.c - linux 2.6.* CPL 0 kernel exploit
Discovered Jan 2005 by sd <[EMAIL PROTECTED]>

If you want to look at it, I've copied it (with mode set to 444 of course) to www.xisl.com/hack

Hope that is helpful

--
John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Exploit in 2.6 kernels
Thanks to everyone for the pointers on this one. I've rebuilt the kernels and we'll see what happens.

Seems like they got in because on most of the machines I had an ancient sshd_config which allowed Protocol 1. When I installed newer sshds the newer sshd_config got stuck in as a ".rpmnew" file.

From what I can make out the "visitor" was from Interbusiness.it if anyone is interested.

John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)
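Added example, not part of the original thread: a check for the condition described in the message above, where the live sshd_config still allowed Protocol 1 while the package's newer file sat unmerged as ".rpmnew". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for SSH protocol 1 and for an
# unmerged package replacement (.rpmnew) left beside it.

# Print the value of the first Protocol line (sshd uses the first value it
# reads for a keyword). Keywords are case-insensitive; '#' lines are comments.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }
        {
            split($0, f, /[ \t=]+/)
            i = (f[1] == "") ? 2 : 1   # leading blanks give an empty first field
            if (tolower(f[i]) == "protocol") { print f[i + 1]; exit }
        }
    ' "$1"
}

# allows-v1 | v2-only | unset (unset: the installed sshd's built-in default applies)
protocol_status() {
    value=$(effective_protocol "$1")
    case ",$value," in
        ,,)    echo unset ;;
        *,1,*) echo allows-v1 ;;
        *)     echo v2-only ;;
    esac
}

# Print the .rpmnew path if one exists and differs from the live file.
unmerged_rpmnew() {
    [ -f "$1.rpmnew" ] && ! cmp -s "$1" "$1.rpmnew" && echo "$1.rpmnew"
    return 0
}

# One-line report; exit status is non-zero when either finding is present.
audit_sshd_config() {
    proto=$(protocol_status "$1")
    pending=$(unmerged_rpmnew "$1")
    echo "$1: protocol=$proto rpmnew=${pending:-none}"
    [ "$proto" = v2-only ] && [ -z "$pending" ]
}

# Constructed sample files reproducing the situation in the message.
demo=$(mktemp -d)
printf '#Protocol 2\nProtocol 2,1\n' > "$demo/sshd_config"
printf 'Protocol 2\n' > "$demo/sshd_config.rpmnew"
audit_sshd_config "$demo/sshd_config" || echo "finding: review and merge"
rm -rf "$demo"
```

On a real host the same function can be pointed at /etc/ssh/sshd_config; an "unset" result means the answer depends on the default documented in that version's sshd_config(5).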
Re: Exploit in 2.6 kernels
On Tue, 2005-04-12 at 14:08 -0700, Chris Wright wrote:
> * John M Collins ([EMAIL PROTECTED]) wrote:
> > Thanks to everyone for the pointers on this one I've rebuilt the kernels
> > and we'll see what happens.
>
> BTW, I'd recommend updating to 2.6.11.7 so that you're protected from
> another local root exploit.

I'll do that - trouble is round where I am they dish out Nvidia cards like confetti, I've got them in the machine I use most and another 2 and you have to do all that gyrating with running the script to FTP down and build the secret module before you can run X. This is a big disincentive when it comes to installing new kernels.

I wish some kind soul would speak nicely to Nvidia and get them to see reason on the point but I suspect I'm not the first person to wish that. (Or is there a sneaky way of patching the modules so they'll work in another kernel without tainting it?).

John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)
Re: Exploit in 2.6 kernels
On Wed, 2005-04-13 at 09:23 -0400, Lennart Sorensen wrote:
> Graphics card companies don't realize they are hardware companies not
> software companies and that it is hardware they make their money from?
> Oh and they have too many lawyers?
>
> It seems to me that 2D graphics are a done deal, with no new innovation
> taking place. Releasing programming specs for that part should be a no
> brainer. If the nifty 3D routines are so important to keep secret from
> the other guys then well keep those. Release the 2D programming specs!

Where I am (in the UK) you more or less have to buy computers in bits and put them together if you want (like I do) to shuffle bits of hardware between different machines to suit varying needs or bolt on extra bits and pieces of new hardware and above all not pay M$ tax. The nvidia card seems the only one with reasonable performance at a reasonable price that fits on most motherboards that I can find in these parts.

> m-a is module-assistant which is used on debian to build a module

If I ask nicely can I download it from anywhere? I've just finished building 2.6.11.7 and it might be nice to try it.

Could I possibly make a suggestion for "make xconfig" in the kernel tree (and make other-kinds-of-config I suppose)? I currently routinely copy the ".config" out of the previous kernel tree before I start to save working through questions about sound cards I never heard of and so forth. Could it perhaps optionally initialise most of the settings to fit the current machine and/or grab the last lot of settings from /proc/config.gz?

John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)
Re: Exploit in 2.6 kernels
On Thu, 2005-04-14 at 16:02 -0400, Greg Folkert wrote:
> A-Freakin'-MEN me droogy.
>
> Hehehe, either a slow system, or you know how to transfer a working
> setup to another machine.
>
> My current image I use(d) for all of my machines was Built a long time
> ago, I think slink was what I used to build it. On a Pentium-90.
>
> Currently on an Athlon XP3200+ with bells and whistles not even thought
> of then. Moved through about 12 machines since the beginning.

Just to say thanks again for your help - got 2.6.11.7 going everywhere without hitches. Of course I just called the kernels 2.6.11.7 everywhere so one version of the nvidia module fitted all.

I also stuck it on a Dell laptop I've got - a Latitude 100L - and at last I've got ACPI working so I can see the battery level before it dies.

Maybe our "visitor" did us a favour. (Sort of).

--
John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)
Hangup using USB Flash "Disks"
Please CC me at [EMAIL PROTECTED] as I'm not subscribed.

I'm using kernel 2.6.8.1 (from Mandrake 10.1 I usually like to build a custom kernel for each machine we've got).

I've recently taken to using USB Flash "Disks" to carry stuff around on and I've not had any problems except on one machine with exclusively SCSI disks (apart from the DVD writer).

I don't have any problem mounting the disks but when I want to remove them the USB support seems to get itself into a knot - I can unmount them OK but when I physically detach them the USB stuff gets itself entangled waiting for an interrupt that never happens - I get "Immortal" processes - if I do cat /proc/bus/usb/devices or anything such as usbview which does the same thing the process becomes "immortal" and a creeping paralysis seems to come over the system so I have to reboot - and of course with so many directories being open everything has to be fsck-ed.

I have the same kernel and general setup on 4 other machines with only IDE disks and have no problem plugging and unplugging flash disks.

Could anyone advise what I can do? I'll be pleased to send configuration info or provide login information so you can poke around yourselves.

--
John Collins Xi Software Ltd www.xisl.com
Tel: +44 (0)1707 886110 (Direct) +44 (0)7799 113162 (Mobile)