Recent Features
| |||||||||||||
Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)Posted Jan 25, 2012 11:48 UTC (Wed) by ekj (guest, #1524)In reply to: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4) by PaXTeam Parent article: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)
Yeah okay. If you apply a patch that "fixes the bug for real, and does not introduce any new bugs", then you cannot be worse off than you where initially, agreed.
How do you know if the patch you have in front of you is one of those ideal patches ?
(Log in to post comments)
Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4) Posted Jan 25, 2012 13:24 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
> How do you know if the patch you have in front of you is one of those ideal patches ?
did you mean a general you or me personally? as for myself, if (i believe that) i know enough to determine this i will do so (e.g., i voiced my concerns regarding this particular case already), otherwise i do as anyone else would have to do: trust someone else. for kernel code i'm familiar with or for simple fixes (say, bounds checking a parameter) it's usually the former case, otherwise it's the latter. from my experience most attempts at fixing a problem turn out to be correct, very few introduce further problems or fix them inadequately (e.g., you can compare the number of CVEs fixing previous CVEs to the total number of CVEs to get an idea).
|
|||||||||||||