A nasty local kernel vulnerability
Posted Feb 27, 2013 10:27 UTC (Wed) by khim
In reply to: A nasty local kernel vulnerability
Parent article: A nasty local kernel vulnerability
The economics changed for the attackers, allowing them greater scale. However, it hasn't really changed the economics for each individual or even businesses, in the main.
It's even worse than that. This discussion was started when it was known that "economies of scale" was broken (the automatic exploit didn't work). Now the question becomes extremely technical: yes, we know that you need some offsets for any custom build of the kernel, but is it something an attacker can automatically guess from System.map or is it something an attacker needs to painstakingly dig from memory using esoteric debugging techniques? The natural assumption is that you need to use esoteric debugging techniques, but if the situation is different in some cases you'll never hear from PaX && Brad directly about that, which turns their messages into classic "cry wolf" messages.