Linux Has Been Smoked By A Dirty Pipe

Source: Ars Technica Linux Has Been Smoked By A Dirty Pipe

All Your Pipeline Are Belong To Nobody

Several pipelines have been in the news lately, but this one is a wee bit different as it refers to the pipelines in Linux used to pass data from one process to another.  A very dedicated tech spent several months tracking down the root cause of a customers trouble with repeatedly corrupted files and discovered a bug in the Linux kernel was responsible for the trouble.   A bit more research determined that this bug could be leveraged in a variety of spectacularly nasty ways by someone interested in causing havoc, and gave it the name Dirty Pipe.

The bug could be leveraged to allow the built in nobody account which has the lowest levels of permissions possible, to add an SSH key to the root user’s account and then use that key to start a new SSH session with full root privileges.  At that point an attacker would have full control over the machine.  Unfortunately, that is just the start of the problems as other researchers found a variety of other possibly attacks once the bug was made public.

Using this bug the nobody account can overwrite protected read only system files, create new users, creating cron jobs to run in the background, modifying the scripts that services use and a variety of other nasty things which you really don’t want to think about.  The good news is the Dirty Pipe bug has been patched in kernel versions 5.16.11, 5.15.25, and 5.10.102, so check your systems and start updating any that have fallen behind.

Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!