upvote

points

by 99990000099918 hours ago |
comments
upvoteby roxolotl18 hours ago|
next
[-]
It does? The disclosure even says the concern for single user systems is very low. If someone has access to your single user system, remote or otherwise, you’ve already lost on the sort of device people would be switching from windows to Linux on.
reply
upvoteby m304716 hours ago|
parent|
next
[-]
> The disclosure even says the concern for single user systems is very low.

For single user systems (not rigorously defined, I presume it's the intersection of our two definitions which we might be talking about) the nature of the exploit is local privilege escalation, of which there could be many possible, and many mitigations / countermeasures against. This could have suddenly appeared from the ether of "unknown unknowns" for some people.

Those people farther up the food chain still potentially have service accounts, maybe even user accounts for some purposes, perhaps "trusted" services which deliver them code which they deserialize and run once. (Have a pickle.)

severity * impact * likelihood

Not everyone looking to migrate from Windows 95 plans to run everything as root afterward.

On the copy.fail site:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true
Not everybody needs or wants to wait for their distro, or plans to patch their IC firmware when a config change will do.
reply
upvoteby 99990000099918 hours ago|
parent|
prev|
[-]
Someone like an AI coding agent perhaps ? This is the type of thing Prompt injection was made for.

No OS is perfect. The awkward rollout for this bug fix is proof of that.

reply
upvoteby Filligree17 hours ago|
parent|
[-]
Root access does not typically add anything interesting, for a desktop system. All the valuable stuff is already owned by the single user.
reply
upvoteby vhantz18 hours ago|
prev|
next
[-]
As opposed to all other operating systems with no CVEs ever?
reply
upvoteby weavejester18 hours ago|
prev|
next
[-]
Hype around switching from Windows servers?
reply
upvoteby ddtaylor17 hours ago|
prev|
next
[-]
What happens if someone does the exploit in WSL?
reply
upvoteby cbarnes9918 hours ago|
prev|
next
[-]
You clearly have no idea how often windows has unpatched privesc exploits.
reply
upvoteby johnbarron18 hours ago|
prev|
next
[-]
>> puts a bit of water on all hype around switching from Windows.

Said no one ever...present post excluded :-))

reply
upvoteby jasonmp8518 hours ago|
prev|
next
[-]
[dead]
reply
upvoteby windexh8er17 hours ago|
prev|
[-]
[flagged]
reply