Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)
Posted Jan 25, 2012 19:40 UTC (Wed) by farnz
In reply to: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)
Parent article: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)
I've already given you a reference - if you can't find where you said "which is it?" in this thread, you are clearly simply trolling.
I gave you extra detail about the fix, to avoid an incomplete disclosure of information, as I felt that would be unfair on you - I did not wish to trap you in a position where you said something clearly stupid as a result of my failure to provide full information. You have chosen to play with words, and say that the fix "isn't a security fix", despite the fact that it was clearly intended to fix a security problem, and indeed fixed the described security problem. The fact that it opened up a fresh security problem is a bug in the fix, not evidence that it's not a fix.
I stated that a human being, paid to go over the list of commits between 3.2 and 3.3 could identify all bugfixes; you have refused to engage with this.
You are choosing to engage in personal attacks ("are you nuts") rather than engage with the meat of my statement, which is that if you are analyzing all bugs for security impact anyway, this commit does not try to discourage you from doing so - instead, by indicating that there were permission check problems, it invites you to analyze this commit in more detail, to determine whether it affects security.
In short, I believe that you are deliberately playing with words to avoid admitting that you are asking for the unreasonable. All bugs have security relevance in the right context (as anything that reduces availability of a system, such as a filesystem corruption bug, is a potential denial of service vector), ergo all bugs should, by your statement, be labelled as "security bugs".
to post comments)