Linked by Jordan Spencer Cunningham on Fri 14th Aug 2009 02:29 UTC
It's the end of the world. Again. According to some Linux developers and security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.
WinXP
by J.R. on Fri 14th Aug 2009 05:02 UTC

What I find interesting about this is that every Linux fanboy usually argues that WinXP is insecure because it runs as admin by default. (Personally I find that argument bogus since it does not take into account the value of the "to be protected" content, but that is another discussion.)

Now, since this Linux vulnerability pretty much says "assuming that I have local access I can get root for free", won't that in practice mean that every remote exploit in any common user level application (including server applications) is in practice a remote root exploit for the last 8 years? Considering that after you compromised the local user account through an application level exploit you can further gain root access on every Linux release for the last 8 years... not unlike exploiting a user level application on WinXP and gaining admin privileges?

My point is that this vulnerability may appear to be harmless since it "requires local access", but won't this have a deeper significance since the whole "Linux is more secure than WinXP because WinXP runs as admin by default" argument pretty much is dead, considering that this vulnerability existed for the same 8 years as the WinXP issue?

Just my 2c.

Edited 2009-08-14 05:04 UTC