Topic: Opinions needed to clarify vulnerability in Linux

Tony
« on: February 21, 2013, 01:21:50 AM »
I have known this guy for a decade. He is a self-proclaimed expert on everything. He's never used Linux, but he posts odd things about its vulnerabilities. I wouldn't normally do this, post a thread from another forum, however enough is enough.

I realise it's an odd task to ask, and personally I think what he is posting is rubbish. Does anyone have a feeling on this post?
Linux-servers rooted and plundered via 0-day
http://forum.avast.com/index.php?topic=115484.msg898105#msg898105

Quote
Read: https://access.redhat.com/security/cve/CVE-2013-0871 (RHSRT)
This 0-day hole probably was detected here: http://linux.die.net/man/2/ptrace
Some systems were protected against this 0-day via the use of a virtual file system: CageFS
http://docs.cloudlinux.com/index.html?cagefs.html  (Reddit discussions)
Weak PHP code attacks or Plesk vulnerabilities could also lay at the culprit of this security break..
Cloud Linux seems most threatened now...

polonus

I was tempted to reply, as it seems to be information of no interest, but would love comments from more knowledgeable people as to what they think.

Thank you in advance. :)
I have no intention of attacking poor old Polonus, but posting Linux vulnerabilities is a serious matter. I may PM him if need be, saying please don't post negative info about Linux, as a courtesy.
Misinformation posted online just to stroke your ego is unpleasant, and could be off-putting to people wanting to try Linux.

The links:
1.) https://access.redhat.com/security/cve/CVE-2013-0871 (RHSRT)
2.) http://linux.die.net/man/2/ptrace
3.) http://docs.cloudlinux.com/index.html?cagefs.html

Feedback welcomed.
PCLOS *MiniMe 2013 - KDE 4.10.1 + *LDXE Full  Computing is Fun with Linux, mostly ;) *Software Updates

AndrzejL
« Reply #1 on: February 21, 2013, 01:38:48 AM »
We had a great discussion about Linux security with djohnson on the fossconvergence forum.

http://forum.fossconvergence.org/index.php?topic=355.msg1572#msg1572

About the PHP thingie... PHP is PHP. Linux is Linux. If PHP is vulnerable then it's vulnerable on all operating systems it's being installed on - just like Java, Flash, Adobe Reader or Firefox for example. This is called a cross-platform vulnerability and NOT a Linux vulnerability. Unless someone (the developer of the application) did a boo boo while creating a Linux-specific package - this way only "Linux" is vulnerable, although here we need to stop and think about what Linux really is... Linux is a kernel. A kernel that the apps use to share resources. Linux != apps. App vulnerability != Linux vulnerability.

Sometimes a buggy application on Linux can be pushed and it may lead to the system being compromised. It happens and there is nothing we (users that cannot code) can do about it. There is no such thing as a hack-proof OS...

Oh... Btw?... We don't have to wait for a fix till the second Tuesday of the month.

Polonus obviously likes Microsoft operating systems. That's fine. He likes to point out problems with other operating systems? That's fine too. My advice: If it bothers You - ignore his posts. Nothing good will come out from the discussions and at the end You will not get Your head wrecked.

Regards.

Andrzej
« Last Edit: February 21, 2013, 01:59:15 AM by AndrzejL »

Texstar
« Reply #2 on: February 21, 2013, 01:45:53 AM »
A local exploit for the everyday home Linux user requires someone to be in front of your computer to execute. If someone is sitting in front of your computer they can simply boot into single user mode. The exploit isn't even required to get elevated privileges.

A remote exploit is a serious matter. A remote exploit would allow someone to get access to your computer without being in front of it and able to get root access. These types of exploits are far and few.



AndrzejL
« Reply #3 on: February 21, 2013, 02:07:06 AM »
Quote
A local exploit for the everyday home Linux user requires someone to be in front of your computer to execute. If someone is sitting in front of your computer they can simply boot into single user mode. The exploit isn't even required to get elevated privileges.

A remote exploit is a serious matter. A remote exploit would allow someone to get access to your computer without being in front of it and able to get root access. These types of exploits are far and few.

BIOS password, booting from the first / local HDD, full drive encryption... those can slow down (or even stop) the machine from being locally exploited ;). If the person gains access to Your machine and cannot go past the CMOS password or boot from other media than the first local HDD - they have to reset the BIOS password. This takes time and tools (especially on laptops). After that, even if they go past the BIOS password they are being asked for the HDD encryption password and cannot boot to the OS without it (neither will they boot to the single user mode). Even if they can now boot into the LiveCD - they won't be able to see the HDD content without the passcode... This can be cracked given time. Sometimes a lot of time is needed. Sometimes the attacker gives in after hours and hours and hours of cracking...

Remote exploit is indeed a nasty bugger ;D. There are, as You said, few of them - the most recent I hear about is the SSH-imitating backdoor which has hit the RHEL-based distros (some cases on Debian as well)...

Regards.

Andrzej

Tony
« Reply #4 on: February 21, 2013, 05:11:39 AM »
Thank you both AndrzejL & Texstar for your feedback. We do ignore this guy, he wants his 15 mins of fame, every day. He's also someone who taught me stuff ten years ago, when he was more lucid, who I wouldn't like to upset.

Thanks especially Texstar for taking time to reply. It's a simple black and white scenario you've painted.
Quote
A local exploit for the everyday home Linux user requires someone to be in front of your computer to execute.


Quote
A remote exploit is a serious matter. A remote exploit would allow someone to get access to your computer without being in front of it and able to get root access. These types of exploits are far and few.
I'm sure you both can understand I don't want people scaring Linux users about Remote Exploits. I doubt saying anything to Polonus will stop him, and that most people can figure he means unwell, while trying to mean well, if that makes any sense. ;)
His method of posting links to complex discussions confuses the reader, who is left to wade through too much info and simply ends up believing him due to lack of understanding of the content.

Personally I know very little about Linux Security, except the basics.

I may lock this Topic, I don't think there's a lot more to contribute.

If PCLinuxOS users want to get dark and dirty about Linux security, especially 'single user mode', another thread should be created. Maybe it's time.

Regards,

Tony
« Last Edit: February 21, 2013, 05:22:03 AM by Tony »