Comment Re:Why not send it to Linus? (Score 1) 600
What does Linus have to do with anything other than the kernel itself? He isn't part of PHP, Apache, openssh, mozilla, Gnome, gcc (etc) or attached to any distro. Unless its a kernel exploit he would be powerless to fix it and wouldn't care. There are a million ways to write such software, any competent linux dev could do so. The thing is, it doesn't matter, because it can be nullified by simple policy changes - and the fact that no two distro's are alike, "linux" can be a whole slew of differing combinations of software.
Putting something like this in the "wild" is nothing worse than metasploit, nmap, satan or any number of other tool sets. GCC and bash are just as dangerous a "toolkit".
His supposed killer malware is bullshit anyway, he's provided no details. What webserver? What distro? What does SELinux have to do with it? Is he requiring the user to know the root password, and type it in?
How about a bash script with "rm -rf
Do you know how many exploitable apps are in / have been in linux over the years? Unix in general? A shit ton! This is nothing new, revolutionary or extraordinary.