Author Topic: Linux kernel.org hacked  (Read 5522 times)
f0dder
« on: September 01, 2011, 02:33:12 PM »

"Oops."


Kernel.org Server Rooted and 448 users credentials compromised

Now, as mentioned in the article there's no reason to worry about the Git source repository, due to the nature of Git itself... but the kernel tarballs could be affected, and we won't know the details until after an audit is done. (Yes, there's signatures for those tarballs, but who checks the signatures? And is there any guarantee that the tarball signing key hasn't been compromised?).

What does this mean? If you've downloaded tarballs from kernel.org the previous month or so, be sure to audit your systems and follow the news very carefully. Hopefully all sane distributions get their kernel sources from Git and not kernel tarballs, so people upgrading kernels from their distro vendor should be safe - but stay tuned.

Interesting news, anyway. Seems to be a combination of trojanizing an Intel kernel committer (social engineering or haxxor of his system?), and then a bit of local->root privilege escalation.

- carpe noctem
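
The Git-versus-tarball point in the post above, as an added example that is not part of the original thread: Git names every object by a SHA-1 over its content, and each commit embeds the ids of its tree and parent, so a changed file changes every id up to the branch tip. The file name, identity and timestamp are constructed, and the tree serialization is simplified to flat files.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Git's object name: SHA-1 over '<kind> <size>\\0' followed by the body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries: dict) -> bytes:
    """Serialize flat tree entries as '<mode> <name>\\0' + 20 raw id bytes."""
    out = b""
    for name, (mode, oid) in sorted(entries.items()):
        out += f"{mode} {name}\0".encode() + bytes.fromhex(oid)
    return out

def commit_body(tree_id: str, parent_id, message: str) -> bytes:
    """Commit text embeds the tree id and, if present, the parent commit id."""
    lines = [f"tree {tree_id}"]
    if parent_id:
        lines.append(f"parent {parent_id}")
    # Constructed identity and timestamp, for illustration only.
    ident = "Example Dev <dev@example.invalid> 1314880000 +0000"
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return ("\n".join(lines) + "\n").encode()

def build_history(file_content: bytes):
    """Return (blob, tree, first commit, tip commit) ids for a two-commit history."""
    blob = git_object_id("blob", file_content)
    tree = git_object_id("tree", tree_body({"sched.c": ("100644", blob)}))
    first = git_object_id("commit", commit_body(tree, None, "initial"))
    tip = git_object_id("commit", commit_body(tree, first, "follow-up"))
    return blob, tree, first, tip

def every_id_changes(original: bytes, tampered: bytes) -> bool:
    """True if altering the file alters the blob, tree and both commit ids."""
    pairs = zip(build_history(original), build_history(tampered))
    return all(a != b for a, b in pairs)

if __name__ == "__main__":
    clean = b"int schedule(void) { return 0; }\n"      # constructed file content
    altered = b"int schedule(void) { return 1; }\n"    # one byte changed
    for label, ids in (("clean", build_history(clean)), ("altered", build_history(altered))):
        print(label, *ids, sep="\n  ")
    print("all ids differ:", every_id_changes(clean, altered))
```

Anyone holding a clone already has the old tip id, so a rewritten history on the server shows up as a mismatch on the next fetch; a tarball has no such chain and depends entirely on its signature being checked.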
zridling
« Reply #1 on: September 02, 2011, 05:37:28 AM »

Interesting and embarrassing, eh? I wouldn't worry:

How to inject a malicious commit to a Git repository (or not)
http://git-blame.blogspot...icious-commit-to-git.html

Hack or No Hack, the Linux Kernel Is Well-Protected
http://www.pcworld.com/bu...nel_is_wellprotected.html

- zaine (on Google+)

Tuxman
« Reply #2 on: September 02, 2011, 05:45:37 AM »

That said, the attacker's rootkit was able to gain root privileges via an (obviously) yet unknown privilege escalation exploit, so the Linux kernel most likely has a critical bug which is actively exploited, so it does not matter if the Git repository was modified or not.

I'm so happy that I use the secure Windows instead of the exploitable Linux stuff.  tongue

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

40hz
« Reply #3 on: September 02, 2011, 06:39:36 AM »

^Do I detect a little flame-baiting from our T-man?  Grin Thmbsup

Don't you see? It's turtles all the way down!

Renegade
« Reply #4 on: September 02, 2011, 07:56:34 AM »

> I'm so happy that I use the secure Windows instead of the exploitable Linux stuff.  tongue

Hahahah~! YEAH~! You go~! smiley Spill that blood baby~! tongue Give 'er~!

(Hey -- I like Windows servers!)

I don't think we're in any danger of a flame war here. (One of the nice things about DC -- our "flame wars" are more like "waving lighters in the air".) tongue Grin

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz
« Reply #5 on: September 02, 2011, 07:59:23 AM »

@Ren - spot on! One of the reasons I like coming here.  Cool

P.S. I like Windows servers too! smiley




Don't you see? It's turtles all the way down!

f0dder
« Reply #6 on: September 02, 2011, 09:25:24 AM »

> Interesting and embarrassing, eh? I wouldn't worry:
>
> How to inject a malicious commit to a Git repository (or not)
> http://git-blame.blogspot...icious-commit-to-git.html

Please re-read my post. Like, the first paragraph that mentions Git and tarballs.

- carpe noctem

Tuxman
« Reply #7 on: September 02, 2011, 10:40:27 AM »

Awwww, I was so positive that I could initiate a serious flame-war here in this Windows users board!!11

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

40hz
« Reply #8 on: September 02, 2011, 11:02:07 AM »

^Sorry to disappoint. But zridling and 40hz are serious and unapologetic Linux users.  tongue


Don't you see? It's turtles all the way down!

Tuxman
« Reply #9 on: September 02, 2011, 11:10:03 AM »

Disrupters!

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

Renegade
« Reply #10 on: September 02, 2011, 11:26:49 AM »

> ^Sorry to disappoint. But zridling and 40hz are serious and unapologetic Linux users.  tongue

BURN THE WITCHES~!

http://www.youtube.com/watch?v=zrzMhU_4m-g

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker
« Reply #11 on: September 02, 2011, 11:40:17 AM »

Now Ren, I thought we agreed to (only burning the Mac types) cut down on torching people ... The *nix crowd is ok.

wraith808
« Reply #12 on: September 02, 2011, 12:20:13 PM »

But isn't the mac crowd sort of mixed in with the *nix crowd now?

Tuxman
« Reply #13 on: September 02, 2011, 12:35:37 PM »

The Mac crowdies are bastards.

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

40hz
« Reply #14 on: September 02, 2011, 01:20:48 PM »

> But isn't the mac crowd sort of mixed in with the *nix crowd now?

Nope. They want nothing to do with us nixers.


As far as they're concerned we're just wannabe Mac users that don't have enough education (or contacts) to get a job that pays well enough for us to afford Apple hardware. Which makes us just a bunch of techno-hippies, slackers, and eurotrash losers - in short,  nothing like the upwardly mobile and incredibly hip "beautiful people" that make up the Macintosh culture.

So please don't lump us in with the Mac crowd.

Because the Mac crowd certainly doesn't.
 Grin

« Last Edit: September 02, 2011, 01:33:47 PM by 40hz »

Don't you see? It's turtles all the way down!

Stoic Joker
« Reply #15 on: September 02, 2011, 05:51:05 PM »

> But isn't the mac crowd sort of mixed in with the *nix crowd now?

No, the Mac crowd bends to the will of lord jobs ... And therefore fiercely believes his every decreed word in that OSX is indeed a thing unto itself. Because it uses some piece/part/portion in some arcane mini-Minge kernel project, and is therefore not just a slapped on GUI desktop masking a copy of FreeBSD.

And then there's the rest of us that think ^^they're^^ full of shit.  cheesy

Lashiec
« Reply #16 on: September 04, 2011, 10:03:24 AM »

> Nope. They want nothing to do with us nixers.

Yet it's amazing the amount of open source supporters who run a Mac, though sometimes out of spite tongue

40hz
« Reply #17 on: September 04, 2011, 11:00:56 AM »

> > Nope. They want nothing to do with us nixers.
>
> Yet it's amazing the amount of open source supporters who run a Mac, though sometimes out of spite tongue

I thought it was more out of pity they did that...

Poor little Mach kernel being held captive by Apple like that. What did it ever do to them? Grin


Don't you see? It's turtles all the way down!

Tuxman
« Reply #18 on: September 04, 2011, 11:10:57 AM »

Darwin is open source, it is just Aqua that is not. Anyway, I really wonder what should be so "great" about a BSD/Mach hybrid bastard of a kernel, given that OSX is, according to Secunia, more insecure than Windows 7.

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

40hz
« Reply #19 on: September 04, 2011, 11:42:07 AM »

^Mach was pretty rad for its time when microkernels were all the rage.

I think the main reason Jobs liked it was because that's what they used for his ill-fated NeXT machine (Jobs never admits he backed the wrong horse) - and the license allowed them to use the code without needing to give anything back.

So I'd hesitate to call Mach3 a bastardized kernel.  It's just a different approach than the one more commonly used by most of today's production operating systems.

But who knows? GNU Hurd is based on the Mach kernel - and there's some chance Hurd may finally be out in the near future after 20 years of waiting. A "Hurd variant" of Debian is slated for release with version 7.0 (aka: Wheezy). Beta downloads are already available for it. (Note: this is seriously beta so don't bother unless you're really curious about it.)

 Cool

Don't you see? It's turtles all the way down!

Tuxman
« Reply #20 on: September 04, 2011, 11:46:42 AM »

Good software is never "final"!

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

40hz
« Reply #21 on: September 04, 2011, 12:33:02 PM »

> Good software is never "final"!

I wasn't saying "final" - just "finally out."  Cool

Don't you see? It's turtles all the way down!

Tuxman
« Reply #22 on: September 04, 2011, 01:30:57 PM »

Even an alpha 0.01 is "out".  smiley

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat

zridling
« Reply #23 on: September 04, 2011, 03:08:56 PM »

> ^Sorry to disappoint. But zridling and 40hz are serious and unapologetic Linux users.

Indeed. And just like any other software, among distros, I have a number of niggling gripes. But the modularity and scalability of the kernel is good to us all.

- zaine (on Google+)