A privilege escalation flaw in udev
Posted Apr 23, 2009 14:12 UTC (Thu) by BenHutchings
In reply to: A privilege escalation flaw in udev
Parent article: A privilege escalation flaw in udev
No, that commit does what it says. The commit that fixed this bug was made by Scott James Remnant and has the subject "libudev: monitor - ignore messages from unusual sources". This is not entirely explicit, but it may not have immediately occurred to him that this was a severe security flaw. I can say that he was fairly quick to notify others about it.
to post comments)