Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)
Posted Jan 24, 2012 5:00 UTC (Tue) by raven667
> [...]so they would not be called out and people who only apply 'important' fixes would miss it.
did you just say (not the first time, if memory serves, mind you ;) that by not telling people to apply known security fixes their security will somehow be better? ;)
There is no need to address your other points, you have done a fine job on your own, but on this point I can only believe you are pretending to not understand what was meant because you are attacking a straw man. The point that this statement refers to is that, hypothetically, if you have 8 bug fixes, 2 of which have known security implications and 4 of which have security implications that are unknown, then telling people to only apply the two bugfixes leaves them more vulnerable than telling them to apply all 8. 6 is more than 2.
We can have opinions on whether this approach makes sense, not announcing the 2 bugs you know about and just pushing for all 8 so as to get the 4 you don't know about, but we can't pretend not to understand what the two positions are that we are discussing.