Author Topic: Grinch?  (Read 3943 times)

d.knight
Grinch?
« on: December 17, 2014, 02:03:41 pm »
Any truth in this story, and if so, how does it actually affect us?  http://www.techworm.net/2014/12/linux-grinch-vulnerability.html

AndyInMokum
Re: Grinch?
« Reply #1 on: December 17, 2014, 02:27:49 pm »
Quote
Any truth in this story, and if so, how does it actually affect us?  http://www.techworm.net/2014/12/linux-grinch-vulnerability.html

Sounds more like scaremongering to me, or at least very bad reporting.

Quote
On the vulnerability level, Grinch could be to Linux what ShellShock is to Windows.  Until and unless a patch is released all the devices running on Linux are vulnerable to Grinch.  Linux team is yet to confirm the Alert Logic’s finding or issue a patch for this vulnerability but Coty believed that Linux was working on this issue.
I've never heard of "Linux team", or Linux being presented as a sole operating system.  Let's wait and see what Mark (PCNetSpec) has to say  ;).
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!
For my system info please L/click HERE.

PCNetSpec
Re: Grinch?
« Reply #2 on: December 17, 2014, 02:45:55 pm »
Same as usual....

Yet again, a bunch of FUD babble that says nothing....

No mention of attack vector (how they modify your system in the first place) .. not seen in the wild .. and no confirmed / confirmable exploited systems  :-X

Some mention of requiring client side (local) access.

Quote
A potential hacker could exploit the Grinch flaw by either modifying the registered user accounts in a wheel or by manipulating the Policy Kit (Polkit), a graphical User interface for managing privileged operations for ordinary users.

Both requiring local access and root password  ::)



As ALWAYS .. don't log on as root (hard to do in Peppermint anyway), stay updated, stick to software from trusted sources such as the default repos, and if you for some reason run any apps in user space, don't enter your password in any unexpected password dialogs.

I'll put money on the press making a big deal out of this, but at the end of the day it'll turn out to be a storm in a teacup.

You're running Linux .. don't do anything stupid and Linux has your back ;)

DON'T PANIC! (think of Peppermint as your red and white striped towel) .. the nasty green man can't get in unless you open the door and invite him in (in fact it looks like you'd need to hand him the keys then carry him in) ;)

Yippee .. they've discovered another way that Linux can be harmed if you give someone local access and the root password .. well duh  :o
(Give me local access and I'll kill your system without the password ;) )
« Last Edit: December 17, 2014, 03:07:51 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

d.knight
Re: Grinch?
« Reply #3 on: December 17, 2014, 03:10:10 pm »
Just the Grinch out to try and ruin Christmas again :)
Probably all over Google+ by now tho'. Checked out the original poster and it's some far left American claiming to be from Anonymous (which means he isn't). Does have about 15000 followers so expect to hear a fair bit about this.

PCNetSpec
Re: Grinch?
« Reply #4 on: December 17, 2014, 03:27:58 pm »
For sure....

The press will make the most of it, they always do .. remember heartbleed (and many other press backed scares), that was going to bring Linux to its knees right ?

You have to wonder if this kind of article is the reason he has 15000 followers .. click fodder ?

dsplayname
Re: Grinch?
« Reply #5 on: December 17, 2014, 04:20:55 pm »
As with 99.9% of tech news....the article was poorly written.   But, my question is, What exactly is a "security evangelist?"
freedom defined is freedom denied

PCNetSpec
Re: Grinch?
« Reply #6 on: December 17, 2014, 04:30:13 pm »
LOL C:-)  :-\ C:-)

"CHIEF" Security Evangelist in fact...
« Last Edit: December 17, 2014, 04:32:59 pm by PCNetSpec »

AndyInMokum
Re: Grinch?
« Reply #7 on: December 17, 2014, 04:32:43 pm »
Quote
As with 99.9% of tech news....the article was poorly written.   But, my question is, What exactly is a "security evangelist?"

Someone who knocks on your door at supper time and asks, "Have you heard the word of Norton"  :-\?!
« Last Edit: December 17, 2014, 05:01:06 pm by AndyInMokum »

PCNetSpec
Re: Grinch?
« Reply #8 on: December 17, 2014, 04:35:30 pm »
One who preaches the gospel of Kaspersky ?
« Last Edit: December 17, 2014, 04:37:10 pm by PCNetSpec »

dsplayname
Re: Grinch?
« Reply #9 on: December 17, 2014, 05:51:39 pm »
I wonder if he knows the prophet McAfee

iamesperambient
Re: Grinch?
« Reply #10 on: December 18, 2014, 01:05:33 pm »
Quote
I wonder if he knows the prophet McAfee

Isn't McAfee a world-class criminal living in South America with a horde of guns? My theory always was he created the viruses for stupid Windows users so they would have to use his 'security anti virus' software, maybe I'm just a cynical <removed by admin>.
« Last Edit: December 18, 2014, 06:41:25 pm by PCNetSpec »
http://iamesper.bandcamp.com
boring drone music from NJ

PCNetSpec
Re: Grinch?
« Reply #11 on: December 18, 2014, 06:42:35 pm »
@ iamesperambient

Mind the language please.

iamesperambient
Re: Grinch?
« Reply #12 on: December 18, 2014, 10:00:15 pm »
Sorry, wasn't aware I was saying anything bad. I'm Italian from NJ, just kind of slips out. I apologize.

iamesperambient
Re: Grinch?
« Reply #13 on: December 18, 2014, 10:52:26 pm »
"On the vulnerability level, Grinch could be to Linux what ShellShock is to Windows and even more severe as ShellShock infected those Windows machines which had cygwin.  Until and unless a patch is released all the devices running on Linux are vulnerable to Grinch.  Linux team is yet to confirm the Alert Logic’s finding or issue a patch for this vulnerability but Coty believed that Linux was working on this issue."

So does that mean it won't affect Linux anyway, being ShellShock was a threat to OS X/Linux and NOT Windows?

PCNetSpec
Re: Grinch?
« Reply #14 on: December 19, 2014, 04:02:49 am »
Yeah I did notice that mistake.

OK, here's pretty much the same thing on another site:
http://securityaffairs.co/wordpress/31183/hacking/grinch-bug-worse-shellshock-says-experts.html
("experts" .. yeah right  ::) )

I'd like to point out that as well as the many mistakes and the obvious fact that the authors haven't a clue about Linux terminology .. "Linux is working on this" and "The wheel is an account" and "through the wheel" and "accounts in a wheel" (WTF ?) .. if what they're saying is correct, then Peppermint would be unaffected.

According to them the "wheel account" (should read "wheel group") is somehow used with the "su" command to manipulate a polkit component ("pkexec") to elevate privileges without a password.

a) as with all these scares that's a little vague, and on every Linux system I've ever seen, users were NEVER members of the wheel group unless specifically placed there by an administrator.

b) the "su" command is pretty defunct/useless on a system that has a locked root account and uses "sudo" to elevate privileges instead .. which is pretty much ALL the Ubuntu based distros .. don't believe me ? try using "su" without "sudo" to elevate your privileges, no matter what password you use it won't be accepted because the root account is locked  ;)

c) pkexec only prompts (through a GUI dialog box) for the "users" password so I can't see how that could be of any use ... and an unexpected password dialog popping up out of the blue would raise a few eyebrows don't you think ?

and most importantly (where this is concerned)

d) Peppermint doesn't even have a "wheel" group by default ;)
(probably applies to Ubuntu and ALL its derivatives too .. so that's 90% of "desktop" Linux safe)

Both articles are badly written, obviously by ill-informed non-Linux users who took no time to research the subject before publishing their "click fodder"  :(

[EDIT]

I've just checked Ubuntu 14.04 server edition and that no longer has a "wheel" group by default either

If you wanna look at the available groups on your system:
Code:
cat /etc/group
will list them .. and "wheel" ain't there right ;)

https://en.wikipedia.org/wiki/Wheel_%28Unix_term%29

[EDIT 2]

Seems it doesn't leverage "pkexec" at all, but rather "pkcon" (part of packagekit-tools) which again ISN'T INSTALLED BY DEFAULT IN PEPPERMINT
Sensible info (and why it's not really a "vulnerability") here:
http://blog.threatstack.com/the-linux-grinch-vulnerability-separating-the-fact-from-the-fud

If you want to check if you have pkcon installed:
Code:
dpkg -l | grep packagekit-tools
if it returns nothing, pkcon is not installed .. but even if it were I'd not be worried about this.

--
« Last Edit: December 19, 2014, 05:44:26 am by PCNetSpec »
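
The two checks from the post above (is there a "wheel" group, and is pkcon installed), as an added shell example that is not part of the original thread. It also counts users whose primary group is wheel, which reading /etc/group alone does not show; the function names and the optional file-path arguments are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two preconditions the post checks.
# Function names and the file-path arguments are assumptions for illustration.

# Print "absent" if there is no wheel group, "empty" if it has no users,
# otherwise a comma-separated list of users. Unlike reading /etc/group alone,
# this also counts users whose PRIMARY group (passwd field 4) is wheel.
wheel_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    line=$(grep '^wheel:' "$group_file" 2>/dev/null) || { echo absent; return 0; }
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    users=$(
        {
            printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n'
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file" 2>/dev/null
        } | sed '/^$/d' | LC_ALL=C sort -u | paste -sd, -
    )
    if [ -n "$users" ]; then echo "$users"; else echo empty; fi
}

# Succeeds if pkcon is on PATH or the packagekit-tools package is installed
# (the package name is the one given in the post; dpkg-based systems only).
pkcon_present() {
    command -v pkcon >/dev/null 2>&1 && return 0
    command -v dpkg-query >/dev/null 2>&1 || return 1
    dpkg-query -W -f='${Status}' packagekit-tools 2>/dev/null |
        grep -q 'install ok installed'
}

# Print both findings for the local system.
grinch_report() {
    echo "wheel group: $(wheel_users)"
    if pkcon_present; then
        echo "pkcon: installed"
    else
        echo "pkcon: not installed"
    fi
}

grinch_report
```

On a default Peppermint or Ubuntu install as described in the post, the first line would read "wheel group: absent".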