Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
Er - what? This exploit works on RHEL 6 in its default configuration. It's not exactly the far reaches of exotica.
Local root vulnerability in the kernel
Posted May 21, 2013 14:33 UTC (Tue) by nix (subscriber, #2304)
Posted May 21, 2013 20:32 UTC (Tue) by spender (subscriber, #23067)
I mentioned (as an example) user namespaces as something new in the kernel that introduced significant vulnerability not present in earlier kernels.
Drag then commented about the vulnerability that the article is about (the perf events vuln) being as significant as an ext4 data corruption bug.
You then mentioned about how you wouldn't be hit by this vulnerability without extensive changes to your system. I believe you were referring to user namespaces here, but drag was referring to perf events. CONFIG_PERF_EVENT is forced on (why?) for anyone using X86.
Ewan then followed up saying basically what I just said in the above paragraph, referring to the exploit released that was mentioned in this article, but without explicitly mentioning perf events you still understood him to be talking about user namespaces.
All sorted now! :)
Posted May 22, 2013 16:45 UTC (Wed) by nix (subscriber, #2304)
One problem with the rather nice LWN Recent Comments thing is a lack of context, and it sometimes leaves you astray :)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds