Practical Technology

for practical people.

An important Linux fix


Most of the time you can go for months, years, without patching your Linux distribution and not be in any real danger. A recently uncovered security hole in the Linux kernel does deserve your attention.

Specifically, Earl Chew, a Linux developer, and, at about the same time, Brad Spengler, creator of the Linux security program Grsecurity, discovered that there was a possible null pointer error that could, in theory, enable non-root users grab administrator privileges. You don’t want that to happen.

This particular bug, known in developer circles as CVE-2009-3547, hits all modern versions of the Linux 2.6 kernel It’s been fixed in the upcoming 2.6.32 RC (release candidate), but unless you’re running on Linux’s bleeding edge, you’re not running that version of the kernel.

So chances are you might have this problem. I say might because for this security hole to be open the value to the mmap_min_addr pointer has to be zero. If it’s not, you’re safe.

More >