Tuesday, February 12, 2008

et tu, Linux?

Well, how is that for a dramatic title? A little Shakespeare reference!

So, a few days ago, a _serious_ bug in the 2.6 kernel (from 2.6.17 to 2.6.24.1) was discovered. What exactly it is and how to reproduce it locally (if you are one of those) is very well documented in this Slashdot article. The issue is that a user can gain access as 'root' if the exploit is executed on your system, which means that user now has complete access to your system.

On my personal laptop, it obviously doesn't matter. The issue is when you are running multiuser access servers, as in a University network. I am not a systems administrator, but if I were, I would be worried, to say the least.
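A quick triage for the multiuser hosts mentioned above, as an added example that is not from the original post: it checks a kernel release string against the range the post quotes (2.6.17 to 2.6.24.1). The function names are made up for this example, and a distribution kernel inside the range may already carry the fix as a backport, so a match means "check the vendor update", not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the original post): compare a kernel release
# string with the affected range quoted in the post, 2.6.17 .. 2.6.24.1.

# classify_kernel RELEASE   (hypothetical helper name)
#   returns 0 -> upstream version is inside the affected range
#           1 -> outside the range
#           2 -> release string could not be parsed
classify_kernel() {
    printf '%s\n' "$1" | awk -F. '
    {
        # Drop distro suffixes: "2.6.22-14-generic" -> "2.6.22"
        sub(/[^0-9.].*$/, "")
        if (NF < 3 || $1 == "" || $2 == "" || $3 == "") exit 2
        # A missing 4th component (e.g. "2.6.23") counts as .0
        key = (($1 * 1000 + $2) * 1000 + $3) * 1000 + $4
        lo = 2006017000   # 2.6.17
        hi = 2006024001   # 2.6.24.1
        exit ((key >= lo && key <= hi) ? 0 : 1)
    }'
}

# report_kernel RELEASE: print a one-line verdict, always returns 0
report_kernel() {
    rc=0
    classify_kernel "$1" || rc=$?
    case $rc in
        0) echo "$1: inside 2.6.17-2.6.24.1; confirm the vendor fix is installed" ;;
        1) echo "$1: outside the affected range" ;;
        *) echo "$1: could not parse release string" ;;
    esac
}

# The version string alone cannot show whether a fix was backported,
# so an in-range result is a prompt to check the installed update.
report_kernel "$(uname -r)"
```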

Well, it didn't take long to find a patch.

For us smart Ubuntu users, don't worry about things if you don't know what a patch means, because we have the strength of Synaptic Update Manager with us. Simply click on the update notification (which you should have received sometime today) and relax. If you are really curious, this is the issue that was patched. The update will replace all the necessary headers, kernel image and source files.

If you are one of the unfortunate Fedora or RedHat users and running the affected 2.6 kernel, applying the patch to your kernel source and recompiling the kernel is do-able, but not without raising your heartbeat a few notches. This might work for you:

1. Get the patch from here. It also has a lot of information on how to apply it, etc.

2. cd to the kernel source (hopefully you have it installed). It should generally be /usr/src/linux-2.6.x.x. If it is not installed, try this:

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2

3. Apply the patch to the kernel source.
patch <

4. Compile and install. This can be a little tricky if your kernel configuration (.config) is not created for your system. This would be the case if you just downloaded the source.

If you have the .config for your system, just follow these steps:
a) $ make

b) $ make modules

c) $ su -
# make modules_install

d) $ make install

This should have created the following in your /boot:
* System.map-2.6.x.x
* config-2.6.x.x
* vmlinuz-2.6.x.x

e) Create initrd image:
# cd /boot
# mkinitrd -o initrd.img-2.6.23 2.6.23

f) Update /etc/grub.conf (as in I am not a fan of LILO)

g) Say a prayer and reboot
