Announcement

Collapse
No announcement yet.

New Kernel Vulnerability Allows Local Root For Unprivileged Processes

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • #11
    Originally posted by Pajn View Post
    As this is a use after free issue, is this something that could have been prevented simply by using Rust instead?
    Safe Rust would catch it, but in a kernel code like this might have to be wrapped in unsafe blocks anyway?
    Actually you don't need too much unsafe code in a kernel in Rust. Look at redox-os, for example. I'm almost sure it would have prevented it, since you don't actually free things in Rust, so, if it's used, it wasn't freed.

    Comment

    • #12
      Originally posted by Pajn View Post
      As this is a use after free issue, is this something that could have been prevented simply by using Rust instead?
      Safe Rust would catch it, but in a kernel code like this might have to be wrapped in unsafe blocks anyway?
      no, Rust can't prevent you from implementing false logic. Rust is no golden hammer.
      • Likes 1

      Comment

      • #13
        Originally posted by karolherbst View Post

        no, Rust can't prevent you from implementing false logic. Rust is no golden hammer.
        I used Rust last week and my cancer is gone, so please do not post BS.

        Now I am just waiting Master5000 to wake up and prove the world that Linux sux once again.
        • Likes 1

        Comment

        • #14
          Originally posted by garegin View Post
          Honestly. If you care about security you should be using Windows. There are lot of nerdy reasons to use linux, but security is not one of them.
          However the patch has already been released, you could get it now and patch yourself, distro's will have the update very soon.

          This is quite different to Windows where there are 16 yr old flaws in the all versions of Windows from XP onward that can NEVER be fixed...

          i.e

          http://blog.ensilo.com/atombombing-a...rity-solutions

          http://www.theregister.co.uk/2016/10...y_researchers/

          http://thehackernews.com/2016/10/cod...on-attack.html

          This cannot be fixed, its not a code issue its a design one, fixing the flaw would break pretty much all existing Windows applications.
          Last edited by yossarianuk; 07 December 2016, 06:06 AM.
          • Likes 1

          Comment

          • #15
            Originally posted by Pajn View Post
            As this is a use after free issue, is this something that could have been prevented simply by using Rust instead?
            Safe Rust would catch it, but in a kernel code like this might have to be wrapped in unsafe blocks anyway?
            As much as I like rust, I don't think there is any chance of the Linux kernel being written in anything except for C. If you are interested in a Unix-compatible Rust kernel, see Redox.

            Comment

            • #16
              Originally posted by garegin View Post
              Honestly. If you care about security you should be using Windows. There are lot of nerdy reasons to use linux, but security is not one of them.
              You made my day! There's no more insecure system over Windows. Known security holes unfixed by months, broken design that allows viruses from xp era to affect your newest shinny NSA Windows 10.
              • Likes 2

              Comment

              • #17
                Originally posted by yossarianuk View Post
                This cannot be fixed, its not a code issue its a design one, fixing the flaw would break pretty much all existing Windows applications.
                So it's official: winblows is broken by design.
                • Likes 2

                Comment

                • #18
                  Originally posted by Passso View Post

                  I used Rust last week and my cancer is gone, so please do not post BS.

                  Now I am just waiting Master5000 to wake up and prove the world that Linux sux once again.
                  I learned rust last week and became a millionaire today! You should try it.
                  • Likes 1

                  Comment

                  • #19
                    Arch Linux kernels (linux and linux-lts packages) already patched:
                    Explore groups · GitLab
                    https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=940e837f7352bcc1b0e5d5104c8d90804c411541
                    GitLab Enterprise Edition

                    Explore groups · GitLab
                    https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux-lts&id=a73e03916030224aa124d81bdc9f45ee1bc75b5a
                    GitLab Enterprise Edition

                    Comment

                    • #20
                      Originally posted by cj.wijtmans View Post

                      I learned rust last week and became a millionaire today! You should try it.
                      True, Donald Trump switched from C to Rust and see how successful he is:

                      - the Trump Tower
                      - the Trump Airplane
                      - the Real Big Boss of America Status

                      BTW I was reported that Raspoutine and Einstein are Rust's creators. Others rumors cite Droopy but lack of sources and have to be confirmed.

                      Comment

                      Previous 1 2 3 4 5 template Next
                      Working...
                      X