Sunday, July 19, 2009

A .note on local root exploits

A lot of weird things happened and were discussed
during the last week. Not only was a silly kernel/gcc
combination attack published by my favorite VJ;
a second issue was also released by the Google sec-team,
which unfortunately was inside the same program that spender
used as an attack vector in one of the videos.

In the end, it's nice that there are (thank god, I am not
alone in this world!) people who seem to like/care
about local root exploits. You should definitely
have a look at Julien's blog (the pulseaudio as well
as the mmap_min_addr postings). I feel like _uh, ohhh_,
there are actually some people doing real things
besides all the web 2.0, XSS and similar silliness.

As you might know (or not, who cares :) I like local
root exploits. Every now and then I try to find some,
and sometimes I am even successful. Not only two times
so far, as some blogs try to suggest. :-)
Surprisingly it is not much harder than 10 years ago,
if we do not count overflow/memory corruption bugs.
The bugs just get sillier, and most of the time they
require a combination of multiple minor flaws. But
that's exactly what makes the beauty of local root exploits.

Some people do not honour them. They argue that only
remote exploits are of interest. But these people probably
never ran a cluster or one of the top500's, or found themselves
removing ssh backdoors on a weekend instead of having fun.

A local vulnerability deserves the same update urgency
as a remote one.

2 comments:

Anonymous said...

Rather cool site you've got here. Thanks for it. I like such topics and anything that is connected to them. I would like to read a bit more soon.

Hilary Kuree

Anonymous said...

I've been looking for this info for a long time, thanks for your work.