As of today, Linux Kernel 2.6.x has been hacked for lots of local root exploits. Anyway, it doesn't matter how many they are but it does matter that most of that exploits valid on most Linux stations. One serious case is that they also valid on even cluster distribution like NPACI Rocks. In other words, the whole servers in a cluster maybe exploited for cracking bigger goal, e.g., password decryption. Ones may argue that it is not that dangerous because they are local root exploits, not remote root exploits. Yes, they are. But you have to imagine the power of grid computing where you can run a job seemlessly on remote clusters with automatic executable staging. That's enough. One may exploit the whole grid instantly.

It's time for hardening Linux clusters. Let's start by upgrading kernel and patching some weaknesses. For example, umount-loop, mount-loop, sys_prctl #1 #2 #3 #4, proc, and prctl. Sadly, most of these exploits valid on NPACI Rocks 4.1.

Technorati Tags: linux, rocks, cluster, grid, local root exploit