Slashdot Mirror
Local Privilege Escalation On All Linux Kernels
QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"
Rofl if you give someone a user account in windows they already own you.
If they wern't so busy with windows users and their non zero-balance bank accounts.
beatches while I go compiler a kurnul. I'm so glad I am a linuxtardo.
Today, I updated my Ubuntu for sixth time this year . This will be seventh.
Now I just have two wishes:
1. Can't you, Gods of the Kernel, make it more stable?
2. At least make the device driver a bit more stable?
I will kill a goat if You wish, compiling and testing three device driver on three computers every month is a bit tiresome.
Please, Sirs!
What's your point?
Oh...
So it was disclosed the 11th of august and linus has a patch today, HUH?
There are YEAR OLD bugs with this exact level of danger that microsoft simply has not patched and still refuses to patch.
Fuck you, I love my os BECAUSE i know beforehand that it will be fixed in no time....
Windows people are just plain stupid, really.
NO SIG
"ALL SOFTWARE HAS BUGS"
Not mine. Speak for yourself.
None of them can see the clouds; The polished wings don't care.
No no... not "wordpress". Youd need an exploit in the PHP-Apache stack, not just in a random web app.
Care to find us one of those tha tis currently unpatched?
NO SIG
Yes...
Do YOU know how many undiscovered bugs are in windows?
NO!
Because hell, YOU CANT KNOW what you dont have access to. Linux, at least, can be checked and rechecked and sooner or later someone will find the bug.
In the case of windows, perhaps even now there are tremendous remote root exploits that are being actively used that you dont know about. And if those follow the trends of virii or other exploit info that is available, its probably a number of undisclosed exploits like 100000 larger than all you could find in Linux.
NO SIG
Yeah. And we still make a better OS than the people that actually get paid to fix them in other oses....
So pr0n==good programming and bugfixing.
NO SIG
// leeches.c:Aug 11 2009
August, not april. Where the fuck did you get april from?
secunia.org
There is your linky...
Hell, at least you get PAID for being a MS fanboi.
NO SIG
No no, not run-of-the-mill: ive hated microsoft for a big while and still find it very, very fun to let people know how this company could'nt care less for the security of their customer's information.
I like to talk about it specially since MS has contracted some good PR firms to come into slashdot to attempt some trolling that is always easy to spot.
NO SIG
Considering the exploit has been around since 2001, it took them eight years for the patch. So much for all those eyes looking over the source code.
Hi.
You're an asshole.
Just thought someone should say it, since everybody's thinking it.
Comment of the year