Re: [cobalt-security] Raq 550 Remote Exploits?

[Greg Boehnlein <damin@xxxxxxxx>]

On Sun, 1 Feb 2004, Michael Stauber wrote:

> Hi Zef,
> 
> > I can confirm not just one but instead 3 public local user root access
> > exploits for the 550.  it takes about 15 seconds from start to finish..  I
> > have sent the scripts/links in on Jan 3 2004 and it's with great saddness I
> > see that the scripts are as old as Jan 2003 :(
> 
> Quite sad, man. Do all three of these exploits target vulnerabilities in the 
> kernel?

What is stopping the Cobalt Community from deploying newer versions of the 
kernel patched against exploits? I've not tried to build a Cobalt kernel 
in a Long, Long, Long time, but we should be able to diff the Cobalt code 
against a generic source tree to get a base-line patch, and then patch up 
revision by revision until we have a kernel that tracks against the latest 
code.

It just seems that the Cobalt community has become a bunch of total 
morons, unable to grasp the concept that this is simply an x86 Linux box 
with a few caveats. There is no special magic to securing Linux, as long 
as you have source to work with, and as far as I know, all source has been 
released to the community already.

Are we missing something proprietary (binary module like Phoenix Adaptive 
Firewall) that is preventing this from happening, or do we just lack the 
organization to rally around a project and move forward?

-- 
    Vice President of N2Net, a New Age Consulting Service, Inc. Company
         http://www.n2net.net Where everything clicks into place!
                             KP-216-121-ST