New IT forum

Author Topic: Recent Kernel Security Issues?  (Read 5888 times)

apemberton

  • Full Member
  • ***
  • Posts: 187
Recent Kernel Security Issues?
« on: 30 September 2011, 07:40:40 pm »

As probably many of you know, 'kernel.org' is unavailable as I write and has been for some days. I understand there has been a security breach on at least one of the kernel servers, possibly starting six or more weeks ago. It is difficult to understand what has happened or the implications from what has been written in forums, blogs and at least one magazine. It may be a trojan embedded in the kernel but it is not clear if this is a real or imagined threat.

I have all of my sheevaplugs/guruplugs running kernel 3.0.3 compiled from downloaded source at kernel.org (using git clone) plus the patches from 'sheeva.with-linux.com/sheeva' (which is also off-air).

I am worried that my systems may be compromised in some sort of way and what to do to minimise risk. It has been suggested that passwords should be changed and strengthened (good practice of course) but also it has been suggested that the SSH keys have been compromised which would make changing passwords no obstacle.

Anybody any thoughts?

PS. Does this mean that Windows users are chuckling behind their antivirus software? Or is this revenge for the Iranian nuclear labs being hacked?

ETA: I meant SSH rather than SSL above

« Last Edit: 30 September 2011, 07:51:55 pm by apemberton »
Logged
Tony Pemberton

Confusticated

  • New IT customer
  • Hero Member
  • *
  • Posts: 663
Re: Recent Kernel Security Issues?
« Reply #1 on: 30 September 2011, 08:00:17 pm »

Password & SSH Key issues are only applicable to the developer users of kernel.org and the associated servers...so that's not you unless you have been keeping quiet about it :)
The remaining issues are:

1) Was kernel.org web script\pages spiked to put malware on your client via your web browser.
2) Was the git repository tampered with, introducing malware source\data.

1 I am sure (from your posts) you know how to check for this (quicker to do than explain every step how)
EDIT: And I am sure kernel.org would have announced it if they found tampering with the webserver.

2 Is unlikely, you can point git at github and pull Linus's tree from there instead (anything amiss in your repository will cause errors)

EDIT:
3) They stole the SSL Certificates, polluted the DNS servers, and redirected you to a clone of kernel.org to have their wicked way with your trusting client :)
« Last Edit: 30 September 2011, 08:30:13 pm by Confusticated »
Logged
Advocatus Diaboli - My agenda is not to give you the answer, but to guide your thoughts so you derive it for yourself!

apemberton

  • Full Member
  • ***
  • Posts: 187
Re: Recent Kernel Security Issues?
« Reply #2 on: 30 September 2011, 08:10:22 pm »

The simple answer to 1) and 2) is I don't know!

Apparently Linus Torvalds has transferred from Kernel.org to Github.

But the whole issue is unclear and the implications for Linux users of any architecture may be significant.

I do not have answers, just questions.
Logged
Tony Pemberton

Confusticated

  • New IT customer
  • Hero Member
  • *
  • Posts: 663
Re: Recent Kernel Security Issues?
« Reply #3 on: 30 September 2011, 08:49:46 pm »

1) Boot off a Live CD, Logs, Firewall, Verify all installed packages (install selinux, tripwire etc for future protection)

2) This is (one possible) the answer, or alternatively you could read all the source yourself.
Quote
point git at github and pull

This is the major difference between Linux and Windows, the transparency of Linux allows you to find and undo anything done!
Logged
Advocatus Diaboli - My agenda is not to give you the answer, but to guide your thoughts so you derive it for yourself!
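
Added example, not part of any post in this thread: a Python sketch of git's content addressing, showing why a change anywhere in a repository's history alters the id of the latest commit, which is what comparing against an independent copy relies on. File names, contents and the author line are constructed, and only flat trees of regular files are handled.

```python
import hashlib

def git_object_id(obj_type, body):
    """Git names each object by SHA-1 over b'<type> <size>\\0' + body."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files):
    """Id of a flat tree of regular files, given {name: content bytes}."""
    body = b""
    for name in sorted(files):  # git stores tree entries sorted by name
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_object_id("tree", body)

def commit_id(files, parent, message):
    """A commit hashes its tree id and parent id, chaining the whole history."""
    who = "Example Dev <dev@example.invalid> 1317400000 +0000"  # constructed
    lines = [f"tree {tree_id(files)}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_tip(snapshots):
    """Commit each snapshot in order and return the id of the last commit."""
    tip = None
    for n, files in enumerate(snapshots, 1):
        tip = commit_id(files, tip, f"commit {n}")
    return tip

def matches_reference(local, reference):
    """True when both histories end in the same commit id."""
    return history_tip(local) == history_tip(reference)

# Constructed sample: a two-commit history, and a copy where one file differs
# in the FIRST commit only; the latest snapshot is identical in both.
CLEAN = [
    {"Makefile": b"VERSION = 3\n", "init.c": b"int start(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 3\n", "init.c": b"int start(void) { return 1; }\n"},
]
TAMPERED = [{**CLEAN[0], "init.c": b"int start(void) { return 7; }\n"}, CLEAN[1]]

if __name__ == "__main__":
    print("reference tip:", history_tip(CLEAN))
    print("local tip:    ", history_tip(TAMPERED))
    print("match:", matches_reference(TAMPERED, CLEAN))
```

The comparison is only as good as the reference: the commit id being compared against has to come from a copy obtained independently of the suspect server.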

sfzhi

  • Jr. Member
  • **
  • Posts: 54
Re: Recent Kernel Security Issues?
« Reply #4 on: 30 September 2011, 10:24:11 pm »

A side note:
So-called "stable" releases, such as 3.0.3 (and 3.0.4 for that matter) are not maintained by Linus Torvalds, so they are not in his git repository.
Logged