A /proc/PID/mem vulnerability
Posted Jan 26, 2012 10:28 UTC (Thu) by rswarbrick
Parent article: A /proc/PID/mem vulnerability
... Torvalds is treating security bugs differently. They are no longer "just bugs" because some of the details of the bug are being purposely omitted. That may make it difficult for "black hats"—though it would be somewhat surprising if it did—but it definitely makes it more difficult for those who are trying to keep Linux users secure.
Well, kernels are more painful to upgrade than most other software (since you pretty much have to reboot). As such, there's always going to be a bigger window between patches going out and machines being patched. If someone is malicious and knows about what's going on in advance, you're stuffed whatever Linus chooses to write in the commit message.
However, if someone malicious is grepping through kernel commits for "suid", "privilege escalation" or the like, it doesn't make much sense to point out bugs for them. There are a *lot* of patches going into the kernel each day: without an "OOH LOOK, THIS IS FOR HAXXORS" message, I find it hard to believe that staring at kernel commits is a good way to find vulnerabilities.