{"id":6678,"date":"2026-05-01T06:24:43","date_gmt":"2026-05-01T06:24:43","guid":{"rendered":"https:\/\/really.zonky.org\/?p=6678"},"modified":"2026-05-01T12:48:32","modified_gmt":"2026-05-01T12:48:32","slug":"copy-fail-persists","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=6678","title":{"rendered":"Copy.Fail Persists!"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If you have heard of the <a href=\"https:\/\/copy.fail\">copy.fail<\/a> Linux vulnerability, you may have chosen to try exploiting it. A not unreasonable thing to try especially if you work in the field. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Dead simple wasn&#8217;t it? Now go ahead and replace that <em>\/usr\/bin\/su<\/em> binary. It has been &#8216;permanently&#8217; changed to not ask for a password when escalating to root. This is admittedly obvious if you study the exploit carefully or have gone through a decent walk-through.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Well not quite permanently; it has been updated in the memory cache of the file. But it is still a <em>very<\/em> good idea to clean up and replace that file before someone realises. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But we&#8217;re sometimes in a hurry &#8230; or working in the evening when we&#8217;d rather be doing something else.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So remember to re-install <em>util-linux<\/em> (Ubuntu, Debian, and probably others).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And yes I was that dumb!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now the remaining question, is what have we broken by disabling this ALGIF_AEED module?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have heard of the copy.fail Linux vulnerability, you may have chosen to try exploiting it. A not unreasonable thing to try especially if you work in the field. Dead simple wasn&#8217;t it? Now go ahead and replace that \/usr\/bin\/su binary. It has been &#8216;permanently&#8217; changed to not ask for a password when escalating <a href='https:\/\/really.zonky.org\/?p=6678' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[4,209,489],"tags":[2352,2350,2351,61],"class_list":["post-6678","post","type-post","status-publish","format-standard","hentry","category-it","category-linux-it","category-security","tag-algif_aeed","tag-copy-fail","tag-su","tag-ubuntu","category-4-id","category-209-id","category-489-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"https:\/\/mstdn.social\/@grumpygrimnir\/116497887017361548","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-1JI","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/6678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6678"}],"version-history":[{"count":2,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/6678\/revisions"}],"predecessor-version":[{"id":6681,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/6678\/revisions\/6681"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}