Damn Vulnerable Linux - The most vulnerable and exploitable distro

mahmud 15 years ago |

Securing this beast should serve as a nice training course for any sysadmin; bonus points if you start handing out shell accounts to anonymous people in certain neighborhoods of EFNet.

pavs 15 years ago | |

Just update packages to the latest, patched version. What so difficult about it?

mahmud 15 years ago | | |

If this is based on a popular distro, maybe; but if you wanted to loosen up a Linux box, you can build a freak from pieces that no one would find lineage for, much less a repo.

pavs 15 years ago | | |

umm no.

He specifically mentions that all the softwares are vulnerable:

"Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks."

Just replace them with the latest, patched, default configured version.

btilly 15 years ago | | |

What pieces of software do you replace? How do you replace it? Remember that it likely doesn't some with anything like apt to make this easy.

kaens 15 years ago | | |

You wipe the disk and install OpenBSD.

zachrose 15 years ago | | |

Or you could just get an iPad.

milkshakes 15 years ago | | |

There are other ways to update software..

mahmud 15 years ago | | |

Riiight, downloading individual packages, libraries and kernels and building them from source. Which is why I thought it would be a good exercise, however very boring.

Running a Bastille script on the box would give you a quick TODO list. Pushing it to "production" and getting a few servers up and running, across version incompatibilities, would prove a bit more interesting. Running it under an older 2.4.x or 2.2.x kernel, doubly so.

joe_the_user 15 years ago | | |

I'm far from a security expert.

I have spent hundreds if not thousands of hours upgrading random packages in Linux for various reasons. Afterwards, I didn't feel any wiser in security or anything except how to build stuff (well, maybe a bit of systems stuff...).

If upgrading is main task here, what do you really learn? If upgrading isn't the main task here, what is?

ciupicri 15 years ago | | |

Not update, but upgrade to another more secure distribution.

nphase 15 years ago | |

Or 4chan.

sliverstorm 15 years ago |

> Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever!

Wait, they topped Windows 95 and Windows ME?

Is that even possible?

pjscott 15 years ago | |

I love how, on those OSes, you could freeze the whole thing solid with a three-byte program:

   cli   # clears interrupts
   loop: goto loop

This ballooned to a colossal four bytes if you put it in an EXE file, of course.

mahmud 15 years ago | | |

You could do it from debug.com but that one doesn't have labels, so you will need to use an explicit jmp.

  C:\hack\lisp\cl-gdata\base>debug
  -a
  13EA:0100 cli
  13EA:0101 jmp 101
  13EA:0103
  -g 0100

yesimahuman 15 years ago | | |

Technically speaking, how would an OS avoid that issue, without breaking compatibility (unless that is acceptable)?

mahmud 15 years ago | | |

You can't be bug compatible for things that violate the processor's protection protocol. Access to certain bits of the EFLAGS register is unavailable to unprivileged code. In fact. Just because you were allowed to raid and pillage by Microsoft for a few years doesn't mean it's the norm.

derefr 15 years ago | | |

Sure you can—just let them stomp all over a virtualized processor/memory space.

dfox 15 years ago | | |

You cannot meaningfully virtualize access to EFLAGS:IF. You can either emulate(/JIT) almost whole CPU or ignore this issue. And anyway, turning of interrupts is something that essentially does not make sense for user process, so it is better to just disallow that (which is what almost everything else but non-NT windows does)

JoeAltmaier 15 years ago | | |

Any OS on that early hardware had this problem, right?

wwortiz 15 years ago |

That actually sounds like a fun concept.

morazyx 15 years ago | |

Seems a decent educational tool too.. run in a virtual box and let your students go all out overflowing buffers and seeing the concepts in action. It comes with easy-to-follow guides.

JoeAltmaier 15 years ago | | |

OK for learning about what has been solved; kind of hacking-101. BUt the exploits involved have all been fixed in the products in that distro. What to use for the advanced class?

mfukar 15 years ago | | |

Refer to popular wargames. You could start here: http://www.smashthestack.org

datamonk 15 years ago | | |

i have it on my VM, can someone point me to where these guides are? KDE confuses me :). i will RTFM, I just need to find it first. thanks.

morazyx 15 years ago | | |

/dvl ;)

nsfmc 15 years ago | | |

an actual distribution

Spoutingshite 15 years ago | |

It looks like a honeypot on steroids!

nhnifong 15 years ago |

Whats with all the grammatical errors on that site? Is it a joke?

known 15 years ago |

http://en.wikipedia.org/wiki/Openbsd is the most secure OS.