Programming Books

Main Menu

  • Home
  • Phyton programming
  • Java programming
  • Php programming
  • C++ programming
  • Additional Topics
    • Programming industry
    • Privacy Policy
    • Terms and Conditions

Programming Books

Header Banner

Programming Books

  • Home
  • Phyton programming
  • Java programming
  • Php programming
  • C++ programming
  • Additional Topics
    • Programming industry
    • Privacy Policy
    • Terms and Conditions
C++ programming
Home›C++ programming›Nasty Linux kernel bug found and fixed

Nasty Linux kernel bug found and fixed

By Brandy J. Richardson
January 21, 2022
0
0

Most reported Linux “security” bugs aren’t actually Linux bugs. For example, security vendor CrowdStrike’s report on the largest Linux-based malware families was actually about system administration security errors with telnet, SSH, and Docker, not Linux at all. But that doesn’t mean that Linux doesn’t have security vulnerabilities. For example, a nasty new Linux kernel problem has just surfaced.

In it, there is a heap overflow bug in legacy_parse_param in the linux kernel fs/fs_context.c program. This parameter is used in Linux filesystems when creating the superblock for mounting and reconfiguring the superblock for remounting. Superblock records all characteristics of a file system such as file size, block size, empty and filled storage blocks. So, yes, it is important.

The legacy_parse_param() calculation “PAGE_SIZE – 2 – size” was mistakenly defined as an unsigned type. This means that a large “size” value gives a large positive value instead of a negative value as expected. Whoops.

This, in turn, meant that you are copying data beyond the memory slab allocated to it. And, as all programmers know, writing beyond the memory your program is supposed to have access to is a terrible thing.

One of the main reasons why Rust is built into Linux is because Rust makes this type of memory error much harder to do. As all C developers know, it’s all too easy to stumble over memory allocation in a C program.

So how bad is it? According to the CVSS (Common Vulnerability Scoring System) v3.1 scoring test, it’s a solid 7.7. This is considered a high security vulnerability.

A local attacker can use it to elevate user privileges or crash the system. This can be done with a specially crafted program that triggers this integer overflow. Having done this, it is trivial to execute arbitrary code and give the attacker root privileges.

To use it, the CAP_SYS_ADMIN privilege must be enabled. If so, an unprivileged local user can open a file system that does not support the File System Context application programming interface (API). In this situation, it reverts to legacy management, and from there the flaw can elevate an attacker’s system privileges.

Exploitation is not as difficult to do as one might think. Its discoverer, Linux kernel developer William Liu, reports that he has created exploits against Ubuntu 20.04 and container escape exploits against Google’s Container-Optimized (COS) hardened.

This security flaw was introduced on February 28, 2019 in Linux kernel 5.1-rc1. It is now present in all Linux kernels. Yes, all. Fortunately, the patch is in place.

You can also disable it by disabling user namespaces by setting user.max_user_namespaces to with the following shell code on Red Hat Linux family.

  • echo “user.max_user_namespaces=0” > /etc/sysctl.d/userns.conf
  • sysctl -p /etc/sysctl.d/userns.conf

On Ubuntu and related distributions, you can protect your system with this shellcode:

  • sysctl -w kernel.unprivileged_userns_clone=0

However, keep in mind that you must have a namespace available on containerized Linux distributions, such as Red Hat OpenShift Container Platform, as this feature must be enabled. In these circumstances, you will need to patch your Linux distribution as soon as your distributor makes the patch available.

Stay safe, stay patched.

Related stories:

Related posts:

  1. Watch the Perseid meteor shower at its peak August 11-13: Morgan Paskert
  2. Sony signs nine sponsors for Indian tour in England 2021
  3. Young people learn their technological skills on television, not at school
  4. WWPS summer school programs focus on academics, enrichment

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • January 2021
  • December 2019
  • November 2019
  • October 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2017

Categories

  • C++ programming
  • Java programming
  • Php programming
  • Phyton programming
  • Programming industry

Recent Posts

  • Rust could be included in the Linux kernel in 5.20
  • [Around the Hotels] Promotions and packages
  • AWS Mainframe Modernization Service Now Generally Available
  • Rates rise for private student loans, but borrowers with good credit can still save
  • Lycoming College student secures his future with the Ministry of Defense | Education
  • Privacy Policy
  • Terms and Conditions