Linux security vulnerabilities can cause 2.6 suites to crash
Source: Internet
Author: User
Article Title: Linux security vulnerabilities can cause 2.6 suites to crash. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
A young Norwegian programmer recently discovered a Linux Bug. A simple C program can use this Bug to crash most Linux 2.4 and 2.6 suites on the x86 system.
Sither, the discoverer of this Bug, said that if an attacker wants to crash the Linux system through this Bug, he needs to have Shell access or other means to upload and run programs, for example, cgi-bin or FTP permission.
"The attack program can work with any common user account without the Root permission," he said. It is reported that similar attacks have led to the crash of some "lame free Shell sites. These sites provide code that is known to cause system damage and hacker attacks, although this behavior is illegal and is highly banned in most parts of the world.
In addition to publishing the program code to exploit this Bug, Sither has also released some patches for Linux 2.4 and 2.6 Kernels to prevent the system from crashing.
Multiple Security Issues in Linux have been detected over the past few years. The most serious one is a Security vulnerability discovered by the Polish nonprofit organization iSEC Security Research in February this year.
This biggest security vulnerability allows attackers to gain full permissions of superusers and administrators. However, the Linux open source code community quickly launched patches for these two cases.
However, the recent security vulnerability does not give the provider any permission to control Linux when the system crashes.
Technically, this problem exists because the signal processor of the Linux kernel cannot correctly handle floating point exceptions. Linus Torvalds, founder of Linux, said: "If there are pending floating point exceptions in the system, there will be a channel to the system kernel. The system kernel will eventually execute a floating point exception and will always execute a floating point exception ."
Torvalds has well solved this problem, he said: "A few days ago, I fixed this problem in my own source code tree and released Linux 2.6.7 ."
Eric Raymond, Chairman of Open Source Initiative, also said: "This is not a big problem. We can fix it easily, and these repaired kernels won't bring any new problems ."
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
