Dailydave mailing list archives
Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1)
From: Steve Grubb <sgrubb () redhat com>
Date: Sun, 12 Nov 2006 12:51:48 -0500
On Sunday 12 November 2006 11:20, Gadi Evron wrote:
> > merely point out the obvious...you have to either have privileges to perform mount or physical access to the machine. If all these are is DoS and you have physical access, why not just yank the power cord? Until an exploit is written, these are just DoS crashes.
>
> DoS only? No public exploit? We heard that before. Sorry for being rude on this point, but we did.
I'm just wanting to see how you take advantage of this without root privileges or physical access to the machine. Yes, I have read the saying that a vulnerability is not exploitable until an exploit is written.
> Were you the one to find the bugs working with LMH,
I worked with LMH on fsfuzzer from March 5-8. The program was a great idea and started off as a 50 line shell script. My goal at the time was to get it to the point that it could create its own images so that it could be tested to see if there were any problems in the kernel. LMH had been playing with it before we met and had found an ISO9660 problem (and maybe some others). Anyways, during those 3 days the program was able to create its own filesystem images and became much more useful. At the time, only ext2/3, iso9660, and the msdos file systems worked. I tested those and found nothing interesting. (This was also back in 2.6.14 kernel days.) This fall, I was curious how things were looking in the new 2.6.18 kernel and learned how to set up some more file systems and wanted to see if populating the image better and adding extended attribute operations would show new bugs. So, I added those to fsfuzzer. Sure enough there were new bugs I hadn't seen before. So, the next issue is how to give a corrupted image for someone to study and fix the problem. I added the code to let you replay the tests and got some more kernel developers involved since the kernel was not robust in the face of corrupt images.
> or did you find them on your own and kept them private to redhat only?
I found these bugs and filed bugzilla #'s 209907, 211237, 211668 before the month of kernel bugs was ever announced. I did mention to LMH that I was releasing a new version of fsfuzzer that did find and reproduce all these bugs and a few more that are not public.
> In my humble opinion, as an open-source related company, you may do well to try and see if you can work with the researchers rather than attack them.
Sigh, these are bugs *I found* and we are getting people to fix these robustness issues. As for my response, how would you feel given the above?

-Steve

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
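As an added example (not fsfuzzer's code and not anything posted in this thread), the following Python sketch shows the two ideas the message above describes: mutating a filesystem image in a way that can be replayed exactly, so that a crash-inducing image can be handed to a kernel developer to study, and the defensive superblock validation the kernel side needs so that a corrupt image is rejected with a controlled error instead of crashing. The toy on-disk format (`TOYF` magic, block size, block count, inode table block), the function names and the seed values are all constructed for this example.

```python
"""Reproducible image mutation with a replay log, plus a defensive superblock
parser that must reject corrupt images cleanly. Toy format constructed for
this example; it is not fsfuzzer's code and not any real filesystem layout."""
import random
import struct

MAGIC = b"TOYF"
# Constructed superblock: magic, block_size (u16), block_count (u32),
# inode_table_block (u32), all little-endian at offset 0 of the image.
HEADER = struct.Struct("<4sHII")
HEADER_LEN = HEADER.size  # 14 bytes


class ImageError(ValueError):
    """Controlled rejection of a malformed image (the only error the parser may raise)."""


def build_image(block_size=512, block_count=8, inode_table_block=1):
    """Build a well-formed toy image: header at offset 0, rest zero-filled."""
    header = HEADER.pack(MAGIC, block_size, block_count, inode_table_block)
    body = bytearray(block_size * block_count)
    body[:HEADER_LEN] = header
    return bytes(body)


def parse_superblock(image):
    """Validate every header field against the image before trusting it.
    Each failed invariant is a controlled ImageError, never an exception that
    would correspond to a kernel oops (out-of-range index, division by zero)."""
    if len(image) < HEADER_LEN:
        raise ImageError("image shorter than superblock")
    magic, block_size, block_count, itb = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise ImageError("bad magic")
    if block_size < 512 or block_size > 4096 or block_size & (block_size - 1):
        raise ImageError("block size not a power of two in [512, 4096]")
    if block_count == 0 or block_count * block_size > len(image):
        raise ImageError("block count exceeds image size")
    if itb >= block_count:
        raise ImageError("inode table block outside image")
    return {"block_size": block_size, "block_count": block_count,
            "inode_table_block": itb}


def mutate(image, seed, n_flips=4):
    """Seeded byte corruption of the header region, returning the corrupted
    image together with a log of (offset, old, new) so it can be replayed."""
    rng = random.Random(seed)
    buf = bytearray(image)
    log = []
    for _ in range(n_flips):
        off = rng.randrange(HEADER_LEN)  # header only, so the checks get exercised
        new = rng.randrange(256)
        log.append((off, buf[off], new))
        buf[off] = new
    return bytes(buf), log


def replay(image, log):
    """Re-apply a mutation log to the same base image; refuses a mismatched base."""
    buf = bytearray(image)
    for off, old, new in log:
        if buf[off] != old:
            raise ValueError(f"replay log does not match base image at offset {off}")
        buf[off] = new
    return bytes(buf)


def fuzz(base, seeds):
    """Run the parser over many corrupted images and classify each outcome.
    'unexpected' counts anything other than acceptance or a clean ImageError,
    which is the robustness failure this kind of testing looks for."""
    results = {"accepted": 0, "rejected": 0, "unexpected": 0}
    for seed in seeds:
        corrupted, _ = mutate(base, seed)
        try:
            parse_superblock(corrupted)
            results["accepted"] += 1
        except ImageError:
            results["rejected"] += 1
        except Exception:
            results["unexpected"] += 1
    return results


if __name__ == "__main__":
    base = build_image()
    print(fuzz(base, range(200)))
```

The replay log here plays the role of the corrupted image fsfuzzer hands to a developer: given the same base image and seed, `mutate` and `replay` produce byte-identical output, so a failing case is reproducible rather than a one-off. On the parser side the invariant worth keeping is that every rejection path is a controlled error; a run of `fuzz` with a nonzero `unexpected` count is exactly the "not robust in the face of corrupt images" condition the message describes.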