X

Security hole found in Linux

Programmers identify a vulnerability in the heart of Linux that could let people take control of their own systems--even if they don't have privileges to do so.

Headshot of Stephen Shankland
Headshot of Stephen Shankland
Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors | Semiconductors | Web browsers | Quantum computing | Supercomputers | AI | 3D printing | Drones | Computer science | Physics | Programming | Materials science | USB | UWB | Android | Digital photography | Science Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
2 min read
Programmers disclosed a security hole this week in a part of the heart of the Linux operating system that could let users of a machine take it over even if they don't have privileges to do so.

The vulnerability affects


Reader Resources
Linux/UNIX security
TechRepublic

both the 2.2 and 2.4 series of Linux kernels, the core of the operating system, said Alan Cox, one of the key deputies of Linux founder Linus Torvalds in the programming community that collectively produces Linux. Those kernels are at the center of several Linux products released recently from companies such as Red Hat and SuSE.

The problem could let "local" computer users--those with permission to log on to a machine--to gain "root" access and take complete control of the machine, Cox said. Such local vulnerabilities are considered less severe than remote ones that let attackers over a network take over a machine even if they don't have a basic user account on it.

The problem affected the "ptrace" component of Linux, which is used to help find bugs in software.

Cox submitted a patch to fix the problem Monday. Top Linux seller Red Hat posted a patch for the vulnerability on Monday.

A recent spate of security problems have cropped up in several open-source programs. Earlier this week, programmers disclosed a vulnerability in the Samba package used to share files between Windows, Linux and Unix systems that could let attackers across a network take over a computer. In addition, a recent problem in the Sendmail e-mail server software opened up the possibility of network-based attacks.