The security concern
The security concern
Posted Nov 27, 2024 23:20 UTC (Wed) by roc (subscriber, #30627)In reply to: The security concern by carlosrodfern
Parent article: The kernel's command-line commotion
The attacker can create a hard link to get the same effect. Or they can use ptrace to inject a prctl call after exec.
There are some situations where a restricted attacker could manipulate argv[0] but not comm. But they're very narrow. Just ranting that "comm is THE TRUTH" is totally misleading.