Jump to content

Enough with the Linux security FUD


Recommended Posts

securitybreach
Quote

Enough with the Linux security FUD

 

By Steven J. Vaughan-Nichols for Linux and Open Source | August 24, 2020 -- 22:52 GMT (15:52 PDT) | Topic: Security

 

Every few weeks, another security story appears saying how insecure Linux is. There's only one problem with most of them: They're fake news. The real problem is incompetent system administrators.

 

Like all operating systems, Linux isn't perfectly secure. Nothing is. As security guru, Bruce Schneier said, "Security is a process, not a product."  It's just that, generally speaking, Linux is more secure than its competitors. You couldn't tell that from recent headlines which harp on how insecure Linux is. But, if you take a closer look, you'll find most -- not all, but most -- of these stories are bogus.

 

For instance, Boothole sounded downright scary. You could get root access on any system! Oh no! Look again. The group which discovered it comes right out and says an attacker needs admin access in order for their exploit to do its dirty work. 

Friends, if someone has root access to your system, you already have real trouble. Remember what I said about Linux not being perfect? Here's an example. The initial problem was real, albeit only really dangerous to an already hacked system. But several Linux distributors botched the initial fix so their systems wouldn't boot. That's bad.   

Sometimes fixing something in a hurry can make matters worse and that's what happened here.

 In another recent case, the FBI and NSA released a security alert about Russian malware, Drovorub. This program uses unsigned Linux kernel modules to attack systems. True, as McAfee CTO, Steve Grobman said, "The United States is a target-rich environment for potential cyber-attacks," but is production Linux run by anyone with a clue really in danger from it?

I don't think so.

 First, this malware can only work on Linux distributions running the Linux 3.6.x  kernel or earlier. Guess what? The Linux 3.6 kernel was released eight-years ago.

 I suppose if you're still running the obsolete Red Hat Enterprise Linux (RHEL) 6 you might have to worry. Of course, the fix for signing Linux kernel modules has been available for RHEL 6 since 2012.  Besides, most people are using Linux distros that are a wee bit newer than that. 

In fact, let's make a little list of the top production Linux distros:

CentOS/RHEL 7 started with kernel 3.10.
Debian 8 started with kernel 3.16.
Ubuntu 13.04 started with kernel 3.8.
SUSE Linux 12.3 started with kernel 3.7.10.

All these years-old distros started life immune to this attack. All recent Linux versions are invulnerable to this malware.

But, wait! There's more. And this is the really annoying bit. Let's say you are still running the no longer supported Ubuntu 12.04, which is theoretically vulnerable. So what. As Red Hat's security team points out, "attackers [must] gain root privileges using another vulnerability before successful installation."......

 

 

https://www.zdnet.com/article/enough-with-the-linux-security-fud/

  • Like 1
  • Agree 1
  • +1 2
Link to post
Share on other sites
sunrat

Yes almost every report has written somewhere obscure "needs root access" or "needs physical access" or both.

Can't let facts get in the way of blatant clickbait! 🙄

  • Haha 1
  • Agree 2
  • +1 1
Link to post
Share on other sites
Hedon James
53 minutes ago, raymac46 said:

As a former work colleague put it: There is no foolproof system that cannot be fooled by some fool.

 

Haha!  I heard something similar.  "It's only foolproof until a 'new & improved fool' comes along."  LOL

  • Like 1
  • Agree 1
Link to post
Share on other sites
goretsky

Hello,

 

I did not see any mention of when Drovorub was released  and the time period of in which it was actively used.  It may have been roughly contemporaneous with the Linux 3.6.x  kernel from eight years ago and only now is being publicly talked about.

Regards,

Aryeh Goretsky

  • Agree 1
  • +1 1
Link to post
Share on other sites
  • 4 weeks later...
V.T. Eric Layton

Wow! Glad I upgraded my 3.6 kernel a few days ago.

 

;) Just kidding. Even Slackware's not that slow about kernel upgrades. 

  • Haha 1
Link to post
Share on other sites
securitybreach
11 minutes ago, V.T. Eric Layton said:

Wow! Glad I upgraded my 3.6 kernel a few days ago.

 

;) Just kidding. Even Slackware's not that slow about kernel upgrades. 


v3.8 then :hysterical:

  • Agree 1
Link to post
Share on other sites
securitybreach
1 minute ago, V.T. Eric Layton said:

Nah... I'm actually running one of them thar new-fangled v4.x.x kernels these days. ;)


Fancy

  • Haha 1
Link to post
Share on other sites
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...