A nasty local kernel vulnerability

PaXTeam need to constantly imply that they know stuff that nobody else knows to sell their product. Their business relies on not freely sharing information about kernel vulnerabilities. Openness and disclosure is against their business interests - snidery, vagueness and implication is their stock-in-trade.

They need to give the impression of being permananently ahead of the game.

Rise above it.

> at worst a sarcastic comment would have achieved some education

there you go: https://lwn.net/Articles/539942/ (in case it's still not obvious, 'supported' refers to 'supported by the exploit' because it was castrated before publication, something that should have been obvious to anyone who bothered to read the README).

so the first conclusion is that you missed that opportunity of enlightenment. let's see how you fared next:

> Some of us don't touch kernel stuff precisely because [...]

right, so you admit to not understand anything about the exploit, the exploited bug, the affected kernels, etc. and you never read the README either (you don't need to be a programmer to understand it). and you didn't read the explot log to which you responded either else you'd have noticed the very clear discrepancy between the to-be-exploited kernel's version and what the exploit itself offered. *yet* you felt utterly compelled to share your non-existent wisdom with the rest of us and managed to actively mislead the poor OP at the same time (we call it giving someone a false sense of security). what do you think of yourself in that light? what i think is that the proverbial road to hell is clearly paved with arrogant incompetence.

one would think at this point you'd have realized the errors of your way, but clearly that's assuming too much of your intellect. watch this:

> The explanation you were after "It hard-codes memory addresses for known
> kernels".

so what did i post almost an hour before your first rant (not that it wasn't already in the published sources that you could have read as well)? that's right, these very pesky hard-coded memory addresses for known kernels (known to the trimmed down exploit, that is).

> The logical next question is then: How hard is it to find those
> addresses for the kernel in the example above, and test the exploit
> properly?

the logical next answer is that you go look at the exploit source code (did i say that too many times already?) and read what those addresses are and realize that they're a grep away.

> Hell, if I was in your place,

hell, i wish you weren't, you'd do too much damage due to incompetence.

> [...]I'd make a working exploit for a particular kernel if it's that
> easy to do so from the code given, and demonstrate your skills rather
> than mouth off about them

actually, there was nothing mouthing off about anyone's skill, or it was at most about the lack thereof (that'd be your reading comprehension ;). and why on earth would i give people a loaded gun when i've never done it in the past? as you can see, the average person is way too careless, the only reason the OP's box didn't get erased is because the exploit publisher was kind enough, which is a rather rare occurance these days as most dangerous stuff stays private and public 'leaks' often come with some extra baggage you really don't wish to run.

> (You'll notice that your "explanatory" post was posted after my initial post above

and also before your rant, yes.

> and still that doesn't demonstrate that a newer kernel is or is not
> vulnerable, only that some well-known kernels have values hardcoded).

a kernel is not vulnerable because an exploit exists against it. a kernel is vulnerable because it has an exploitable bug. and we know that 1) such a bug does exist in this case, 2) which kernels are affected (did you even read the article itself?). so if you want to know if you're vulnerable, you go check you kernel version, you don't need an exploit for that. if you're a curious cat or have other nefarious intents, get off your butt and at least read the code you're about to run and figure out what needs adjustment. and no, i'm still not giving you that loaded gun, i hinted at enough details already that should get you going if you really want to.

last but not least, if i cared about your opinion, you'd think i'd have shown some results by now. clearly, i don't give a shit but then i guess it won't stop you from trying (what was that Einstein quote about insanity again? ;).

Is this your emoblog now? Sorry for the intrusion.

a) Your analogy to the physical world is inapplicable as the potential for exploitation at a massive scale changes the economics considerably.

b) The Average Joe has no clue about the severity of a vulnerability or about the sophistication of the current generation of attacks. It would be good news if your Average (I assume, Professional) Joe did an actual cost/benefit analysis but, at least in my experience, they generally have neither the expertise nor the professionalism to do that.

67 billion a year in the US only, according to the FBI in 2006.

You are correct in stating that you don't have to have perfect security. But it's like the bear/shotgun joke goes: you don't have to outrun the bear, you have to shoot your mate in the knee so you can outrun *him*. When PaX && Brad "cry wolf", they are actually showing you that your mate can outrun you, so you're bear snack!

Bonus: mixing two animal-world metaphors... :-D

sure, if you're talking about your own ;). you see, you didn't answer a single question of mine. do you have stats or not? you don't. do you have examples where we cried wolf? you don't. facts speak, strawmen don't.

> You assume people want to know about all security bugs for some reason.

quote me back on that or you just made this up. seriously, do find a quote from me where i said anything even remotely close to that. you won't because you can't because i never said anything like that (never mind that right in the very post you responded to i said myself that there're people who care to whatever extent and there're people who don't care). making reality fitting your distorted world doesn't work without backing up with (preferably less distorted ;) evidence. so go find some (this goes for all your other posts too, but i'll address some of them there).

> And Joe Average is the same: security bugs which have little chance of
> affecting him directly are of no interest to him!

you're wrong, did you even read my post you responded to? it's not only that the average user (most people) don't care about bugs that don't affect them, they don't care about *anything* whatsoever because they don't even *know* that such things can exist (and the few who the mass media manages to reach with this information still don't *understand* so they're not in the position to be able to care)!

> From that POV you "cry wolf" all the time and you are much, much, MUCH closer to 0% then to 100%, sorry.

here we go again, without any shred of evidence of what exactly we did that you think was crying wolf? a single example pretty please (although i'd still prefer that stat of yours ;)? and i mean examples that exist on the internet, not in your head only.

> When you bait these people [...]

evidence please or you made this up.

> [...]ridicule them because they don't diligently study all your patches

yes, we critize people who should care about security but don't. you also critize everyone who doesn't think your way, what's your point then?

> you just show your hypocrisy, nothing more, nothing less.

i suggest you look up that word, it doesn't mean what you think it does (hint: it'd apply to us if we expected others to care about security whereas we wouldn't care at the same time, i think even you admitted that that's not the case ;).

> That's about what people expect from discussions on LWN

provide evidence or you made this up. be careful 'cos i have my own quotes directly from lwn posts where people explicitly asked the exact opposite of what you're suggesting here ;).

> and that's what you expressly refuse to discuss.

what i discuss is not up to you to decide mon ami, it's up to me. you don't have to like my choices any more than i or anyone else has to like yours or anyone else's. welcome to the real world. with that said, i think i provided about 1000x more useful information about security bugs over time here and elsewhere than you ever will (your whining doesn't count ;).

> You show some snippets of information

did you even read what i posted? it was *public* information, linked straight from the article. you know there's some irony in that you're showing the exact symptomps of the twitterbrain that you so critized in the past yourself ;).

> and then laugh on people

evidence or you made this up too. if anything, i was worried about them destroying their systems by being so careless when they ran an exploit they didn't understand (the loaded gun example, see somewhere above).

> who can try to understand if they actually should care about it or if
> they should expect their more or less regular system updates to fix
> problems.

khim, if you don't understand a topic, can you please stay out of discussing it, never mind giving out advices to the laymen? i wrote about this before in this very thread but let me repeat it: your kernel is *not* exploitable because someone posts a working exploit to the public! your kernel is vulnerable because it has an exploitable bug! can you digest that? do you understand that testing your system this way would only give you a false sense of security? yeah, i don't expect you do. so please take it on faith that you should not care because you see an exploit in the wild, you should care because there is an exploitable bug in your system, don't wait with the upgrade till an exploit appears.

> After few such repeats

more evidence wants to be seen.

> people learn that it's more-or-less impossible to receive useful
> information from you[...]

first, i didn't know i was supposed to provide such a service. second, when spender or me did provide such information in the past, we were criticized for *that*. i don't think you can have it both ways ;).

> and they know that after bazillion of your "wolf" cries wolf didn't come

this is again the same lie you keep repeating and based all your rants on. so prove it or admit you made this up.