[News] Linux Exploit: Dirty Cow

Source

From the article:

the article is worth the read. So yeah, everyone should update immediately.

5 Likes

Thanks for the really interesting and helpful insight!

You're welcome :)

Tried it on Fedora - SELinux was of no help, even as a user_r could edit files owned by root.
Update had a patch tho, the script doesn't work anymore.

But at least I now have a way to edit those files on an android phone that couldnt be rooted lol.

2 Likes

Wow, not even Linus Torvalds could fix it, that's going to be a hard bug to fix.

They've fixed it already and theres a new kernel release with the patch. It was years ago, he found it but didnt know how to fix it at the time and it was hard to exploit so it was left. Now we have pretty smart people working on the kernel who can fix those things. So all good. (if you update)

8 Likes

And people always wonder why I think the stable kernel and stable distro model is stupid : P

1 Like

notice how the Linux community takes the "oh shit this is bad, let's tell people we fixed it" stance, and not the "oh shit this is bad, let's call it Cortana" one.

6 Likes

Which particular kernel comes with the fix?
Supposing that most rolling release distro´s allready got an kernel update for it?
I was concidering installing a LTS based distro on my mothers laptop.
But i might re-think that choice.

4.8.3
4.7.9
4.4.26

4.8.3 is in Fedora in updates-testing

I imagine most "stable" distros will push 4.7.9

1 Like

Thanks.
Currious to see if linux mint also gonne push those kernel patches to their distro´s.
I personaly dont like Mint that much based on how they handle their updates and kernel patches.
Of course for the more advanced users, you can easaly select those patches manualy and install those.
But there are also allot of beginner users who might not be aware.

1 Like

Yeah its one of the reasons I dont normally recommend mint, they dont push kernel patches. They changed it slightly, but im not sure if its still the same or not. They were always "optional"

They are still optional for the most part.
With Sarah18 you can select 3 levels of updates processes.
Most people would most likely pick the second level, on which kernel updates and patches are only listed as optional.
The third level does install them all, but because Linux mint made some dramatic nonsense descriptions for the 3 levels of updates processes.
That most beginner users would feel intimidated with the most secure level basicly.
And i think that might be a bad thing.

well i just got 4.7.7 tonight, so i wonder if i'll get another upgrade soon.

What OS are you on?

Korora 24. which is by and large Fedora 24

4.7.9 should be there. https://apps.fedoraproject.org/packages/kernel

run

dnf check-update kernel
dnf list kernel

yeah, it's showing it. should i go ahead and upgrade?

Yes.

If you like and just want to update specifically security updates you can run

dnf updateinfo list security

But you'll need to install them manually. (you can also have security updates install automatically without input, check dnf-automatic)

Just a general inquiry here.

To fix this problem in a large server environment, how is that handled in Linux? Are you able to centrally manage your servers patch management easily like Windows? Is this even a pacha or a full reinstall of Linux?

Thanks.