>Disagree because to run the PoC you really ought to understand what it’s doing.
replythat is contained in the report, which will look similar to the blog. the maintainers will have an open line of contact with the reporters as well. the poc is a small part of the entire report. its not like the linux maintainers only received this poc and have to work out the vulnerability from it alone.
>It is failing at letting people confirm the exploit easily.
it confirms the exploit incredibly easy. just run it, and you get confirmation.
what the blog says and what the code does are two different things.
replyFor all I know the blog itself is a honey pot. I need to know what the code does before I run it.
>I need to know what the code does before I run it.
replyits literally code meant to exploit your system. you should be running it in an environment built for that already.
you dont test exploit pocs on your daily driver.
While your at it you can enter your credit card details to see if they've been leaked.
reply