
Suse warns of hole in Linux kernel

It doesn't actually let anything pass the firewall. It's a DOS attack and has to do with the iptables logging facilities, it'll crash your computer.

No remote exploits...

It's the 2nd serious exploit in 2.6 series kernels, btw. Fixed with 2.6.8 and newer.

secunia report.
 
Originally posted by: Nothinman
very, you'd expect a firewall to keep things OUT.

It does. The gotcha is that if this bug is exploited the box crashes and keeps everything out.

So are you saying that's the kernel developers doing a little bit TOO good of a job?

(also, would it be possible to move something like iptables out of the kernel and into userland?)
 
(also, would it be possible to move something like iptables out of the kernel and into userland?)

Probably, but I would imagine it would be incredibly slow. Every packet that came in would need to be passed to the userland program for inspection and possibly modification and then that program would have to pass it back to the kernel or let the kernel know that the packet was dropped and whether or not to send back a bad response (i.e. ICMP unreach, RST, whatever).
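To make the loop described in this post concrete, here is a small added example (not code from the thread, and not how Linux itself does it) that simulates a userland packet filter: the kernel hands each raw packet over, the program parses it, checks it against a first-match-wins chain, and returns a verdict plus, for REJECT, which error response the kernel should send (ICMP port unreachable or a TCP RST). The packet builder, the ruleset and the addresses are constructed test input, and a byte counter tallies how much data crosses the kernel/user boundary, which is the overhead the post is talking about.

```python
import struct

# Verdicts a userland filter hands back to the kernel.  For REJECT the filter
# also names the error response the kernel should generate on its behalf.
ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"
TCP, UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_ipv4(proto, src, dst, sport, dport, tcp_flags=0):
    """Construct a minimal IPv4 packet with a TCP or UDP header (test input; checksums left zero)."""
    if proto == TCP:
        l4 = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | tcp_flags, 65535, 0, 0)
    elif proto == UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:
        l4 = b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + l4


def parse_ipv4(raw):
    """Extract only the fields a filter needs: protocol, addresses, ports, TCP flags."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    l4 = raw[ihl:]
    sport = dport = flags = 0
    if proto == TCP and len(l4) >= 14:
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", l4[:14])
        flags = off_flags & 0x1FF
    elif proto == UDP and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    return {"proto": proto, "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "flags": flags}


# Constructed ruleset: first match wins, like an iptables chain; the empty
# rule at the end plays the role of the chain policy.
RULES = [
    ({"proto": TCP, "dport": 22, "flags": TCP_SYN}, (ACCEPT, None)),
    ({"proto": TCP, "dport": 23}, (REJECT, "tcp-reset")),
    ({"proto": UDP, "dport": 161}, (REJECT, "icmp-port-unreachable")),
    ({}, (DROP, None)),
]


def match(rule, pkt):
    """A rule matches when every listed field equals (or, for flags, is set in) the packet."""
    for key, want in rule.items():
        if key == "flags":
            if pkt["flags"] & want != want:
                return False
        elif pkt[key] != want:
            return False
    return True


def verdict(raw):
    """What the userland program returns to the kernel for one packet."""
    try:
        pkt = parse_ipv4(raw)
    except ValueError:
        return (DROP, None)  # malformed input is dropped, never allowed to crash the filter
    for rule, result in RULES:
        if match(rule, pkt):
            return result
    return (DROP, None)


def run_queue(packets):
    """Process a batch and tally the bytes that crossed the kernel/user boundary."""
    copied = 0
    counts = {ACCEPT: 0, DROP: 0, REJECT: 0}
    for raw in packets:
        copied += len(raw)           # copied in for inspection
        v, _ = verdict(raw)
        if v == ACCEPT:
            copied += len(raw)       # accepted packets are handed back as well
        counts[v] += 1
    return counts, copied


if __name__ == "__main__":
    batch = [build_ipv4(TCP, "10.0.0.5", "10.0.0.1", 40000, 22, TCP_SYN),
             build_ipv4(TCP, "10.0.0.5", "10.0.0.1", 40000, 23, TCP_SYN),
             build_ipv4(UDP, "10.0.0.5", "10.0.0.1", 40000, 161),
             build_ipv4(UDP, "10.0.0.5", "10.0.0.1", 40000, 53)]
    for raw in batch:
        print(parse_ipv4(raw)["dport"], verdict(raw))
    print(run_queue(batch))
```

Every packet makes a round trip through `verdict`, and accepted packets are copied twice, which is why the counter grows so quickly even for a four-packet batch; an in-kernel filter inspects the buffer in place and avoids both copies.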
 
So are you saying that's the kernel developers doing a little bit TOO good of a job?
Though it does block everything I wouldn't consider the box crashing a "good" job. 😉
(also, would it be possible to move something like iptables out of the kernel and into userland?)
Feel free to correct me if I'm wrong, but I'm under the impression it's done at the kernel for performance reasons; overhead would be much higher if it were done at the user level.
 
Originally posted by: spyordie007
So are you saying that's the kernel developers doing a little bit TOO good of a job?
Though it does block everything I wouldn't consider the box crashing a "good" job. 😉

Still better than a remote root exploit. 😉

(also, would it be possible to move something like iptables out of the kernel and into userland?)
Feel free to correct me if I'm wrong, but I'm under the impression it's done at the kernel for performance reasons; overhead would be much higher if it were done at the user level.

Correct.
 
Feel free to correct me if I'm wrong, but I'm under the impression it's done at the kernel for performance reasons; overhead would be much higher if it were done at the user level.

That and constantly copying data to/from user memory is just waiting for an even bigger exploit.
 