Linux Kernel Exploit Busily Rooting 64-Bit Machines


kapperz

Not sure if this affects unRaid, but just in case...

http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines

(please delete post if irrelevant)

unRAID is not a 64-bit OS

AND

If you've logged on as "root" there is no privilege to escalate. You are already there.

unRAID is not secure... not as distributed by lime-technology. Just the opposite, it is wide open with no password needed for many of the default IDs, including "root" (5.0beta2 is better though).

Link to comment

Adding a root password fixes this mostly, correct?

The simple answer is no, it does not. There are other un-passworded entries in almost all unRAID releases. Once logged on, an escalation of permissions is easily accomplished.

I just took a look at 4.5.6. It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack.

Still think you are safe? Tell you what, wait until the family is in the middle of watching a movie, then log onto the server as "shutdown". Now, still think you're safe? (Warning... the family may retaliate.)

Link to comment

Hi Joe,

Are there any guides to better lock down unRaid? Even though I can write simple scripts and compile my own libs for unRaid, I'm still noobish with all of it.

It has three other IDs which will allow you to log onto the server other than root, plus two others that will permit a denial of service attack.

How do you see these IDs? Can these be removed and just have root?

This means that my router is the only line of defense for me. Thanks for the loss of sleep now  :-[

Link to comment
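An added example, not part of any post in this thread: one way to see which IDs can log on without a password is to compare the password fields of /etc/passwd and /etc/shadow. The function names and the sample files below are constructed for illustration and are not taken from any unRAID release.

```shell
#!/bin/sh
# List every account whose password field is empty, with the shell that a
# login as that account would run (e.g. /sbin/shutdown for "shutdown").
# usage: audit_empty_passwords PASSWD_FILE SHADOW_FILE
audit_empty_passwords() {
    awk -F: '
        # First file (shadow): remember the hash field of each account.
        FILENAME == ARGV[1] { hash[$1] = $2; seen[$1] = 1; next }
        # Second file (passwd): "x" means the real field lives in shadow.
        {
            pw = $2
            if (pw == "x" && ($1 in seen)) pw = hash[$1]
            # Empty field: no password is asked for at login.
            # "*" or "!" would mean the account is locked instead.
            if (pw == "") printf "%s uid=%s shell=%s\n", $1, $3, $7
        }
    ' "$2" "$1"
}

# Constructed sample data, written into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
nobody:x:99:99:nobody:/:/bin/false
alice:x:1000:100:alice:/home/alice:/bin/bash
guest::1001:100:guest:/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root::14000:0:99999:7:::
shutdown::14000:0:99999:7:::
halt:*:14000:0:99999:7:::
nobody:*:14000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14000:0:99999:7:::
EOF
}

# Demo run against the constructed files.
tmp=$(mktemp -d)
make_sample "$tmp"
audit_empty_passwords "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow (reading the latter requires root). Any account it lists either needs a password set or needs to be locked.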

Archived

This topic is now archived and is closed to further replies.
