Choose style:

Author Topic: How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728 [ 19/  (Read 1984 times)

0 Members and 1 Guest are viewing this topic.

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3830
  • Karma: 301
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Hello VinDSL,

I believe I had three installments of updates today, and I'm glad to know that was in there. :)

Thank you,

perknh
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Kinda scary, eh what ?

All someone needed to do, to escalate themselves to root, was sit at the keyboard and make four billion system calls (cycle a 32-bit integer in the kernel to zero).

Glad they patched it quickly, even though it took years to discover the vuln.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3830
  • Karma: 301
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Glad they patched it quickly, even though it took years to discover the vuln.

Well, they certainly don't mess around when they find something.  I had never had more updates in my life within Peppermint as I did yesterday.  And, this morning, I even found there was an upgrade for Opera browser to be had.  If this was a closed source OS, chances are we would never had known about this vulnerability.

I'm proud to be using Peppermint Linux OS! ;)
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25672
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
I was waiting for someone to mention this before I said...

For £$%^ sake, they NEED LOCAL ACCESS .. and if they have that, what's to stop them booting a LiveUSB and having root access ::)

Another non-story.....
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3830
  • Karma: 301
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
It sounds like this is another non-issue in Linux for us NOT to worry about.  I've seen a few of these come and go by now, I know.  Still I'm glad Linux is addressing the "problem" as much as it can be addressed. :)
« Last Edit: January 20, 2016, 06:44:43 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline GNULINUX

  • Trusted User
  • Member
  • *****
  • Posts: 987
  • Karma: 311
    • View Profile
  • Peppermint version(s): Peppermint Six (x64)
Another non-story.....
+1

Lately there are a lot of non-story's on that subject on "security" sites and blogs, I even think they have a purpose!
To keep the doubting Windows (10) users away from Linux...

Must be that Linux is gaining ground!  8)
Peppermint 6  (x64)   -   Windows 7 Ultimate SP1  (x64)
Running different OS flavors in VirtualBox, just for fun!

Offline josephd

  • Trusted User
  • Member
  • *****
  • Posts: 337
  • Karma: 102
  • WordPress Developer
    • View Profile
    • LinuxBookPro
  • Peppermint version(s): Peppermint 10
Tech news is very much "the sky is falling" it gets clicks and advertisers love that.
Joseph Dickson | www.linuxbookpro.com | www.joseph-dickson.com | https://twitter.com/joe4ska - "I also enjoy Debian Stable, Pop!_OS, and Trisquel."

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
[...] what's to stop them booting a LiveUSB and having root access ::)

Stop local exploits ?

Hot glue in the USB ports works as good as anything.  Just gotta make sure you glue all of them.   :D

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3830
  • Karma: 301
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
[...] what's to stop them booting a LiveUSB and having root access ::)

Stop local exploits ?

Hot glue in the USB ports works as good as anything.  Just gotta make sure you glue all of them.   :D

If there is a solution anywhere to be found, it will be find here in Peppermint's forum! ;)
« Last Edit: January 21, 2016, 04:32:44 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline Razznak

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 16
    • View Profile
  • Peppermint version(s): 10
[...] what's to stop them booting a LiveUSB and having root access ::)

Stop local exploits ?

Hot glue in the USB ports works as good as anything.  Just gotta make sure you glue all of them.   :D

If there is a solution anywhere to be found, it will be find it here in Peppermint's forum! ;)
I would hope the Secure Boot option would protect from that. It disables the ability to boot from a USB, but I'm sure it too can be bypassed somehow.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3830
  • Karma: 301
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
I would hope the Secure Boot option would protect from that. It disables the ability to boot from a USB, but I'm sure it too can be bypassed somehow.

Hello Razznak,

That's a good question.  I've never used a computer with secure boot.  That has to some reason why Linux considered that zero day vulnerability worthy of a patch --especially if the vulnerability is only local.  As more and more computers use secure booting as their default method of booting, perhaps you've touched upon the reason for the patch.

Interesting thought! ;)

perknh
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25672
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Quote
I would hope the Secure Boot option would protect from that. It disables the ability to boot from a USB, but I'm sure it too can be bypassed somehow.

Yeah by disabling it in the BIOS .. again, local access.

There is ZERO protection (short of encryption) if someone has local access .. even password protecting the BIOS and not allowing booting from CD/USB .. just pull the HDD and attach it to another machine.

That's not what secureboot is for anyway .. it's not about locking boot devices locally (nor does it stop you booting a LiveUSB) .. it's about making sure boot files are signed and cannot be altered .. it does NOT stop access to the OS.
« Last Edit: January 21, 2016, 06:49:58 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Razznak

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 16
    • View Profile
  • Peppermint version(s): 10
Quote
I would hope the Secure Boot option would protect from that. It disables the ability to boot from a USB, but I'm sure it too can be bypassed somehow.

Yeah by disabling it in the BIOS .. again, local access.

There is ZERO protection (short of encryption) if someone has local access .. even password protecting the BIOS and not allowing booting from CD/USB .. just pull the HDD and attach it to another machine.

That's not what secureboot is for anyway .. it's not about locking boot devices locally (nor does it stop you booting a LiveUSB) .. it's about making sure boot files are signed and cannot be altered .. it does NOT stop access to the OS.
That makes sense.