| |||||||||||||
An ancient kernel hole is closedAn ancient kernel hole is closedPosted Aug 18, 2010 23:01 UTC (Wed) by paravoid (subscriber, #32869)Parent article: An ancient kernel hole is closed
Brad Spender recognized the security implications of the commit on a comment, here on LWN.
http://lwn.net/Articles/400141/
The comments in his exploit code are also interesting; "curious what actual vuln was involved that they were trying to silently fix [...] I smell privesc...mumblings of X server/recursion". Great catch!
(Log in to post comments)
An ancient kernel hole is closed Posted Aug 19, 2010 0:41 UTC (Thu) by clugstj (subscriber, #4020) [Link]
Brad, how many accounts do you have on LWN?
An ancient kernel hole is closed Posted Aug 19, 2010 12:13 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]
paravoid is Faidon Liambotis.
An ancient kernel hole is closed Posted Aug 19, 2010 12:20 UTC (Thu) by spender (subscriber, #23067) [Link]
Don't let facts get in the way of his conspiracy! ;) It's very difficult for guys like him to accept me being right time and again when it comes to these issues.
-Brad
An ancient kernel hole is closed Posted Aug 19, 2010 15:57 UTC (Thu) by zooko (subscriber, #2589) [Link]
Joanna Rutkowska also congratulated Brad Spender in her blog post on the subject, and she is sort of a god among security researchers (in my humble and under-informed opinion).
http://theinvisiblethings.blogspot.com/2010/08/skeletons-...
An ancient kernel hole is closed Posted Aug 20, 2010 1:15 UTC (Fri) by drag (subscriber, #31333) [Link]
Yes Yes. Spender tends to back up his arguments with facts, which is a win in my book.
Linux was never really designed with security in mind. It's priorities lay in practical uses and performance. It's the conscious application of effort and improvements that improve the security of Linux and not comparisons to Windows. :)
|
|||||||||||||