Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
User Journal

Journal Journal: I am NOT anonymous

% echo -n "I am Mathinker, my salt is UAeqTvlu" | md5sum
efb98ed34ba58ecd29b07b1909d21da3 -

User Journal

Journal Journal: 2008: Linux privilege escalation bugs

Just want to store this research somewhere where I can link to it easily. (Original post).

If one analyzes the 10 Linux privilege escalation bugs reported for 2008 at Secunia one finds:

Of those, 5 were in proprietary software packages for Linux: Acrobat Reader, MaxDB, Avaya, SSH Tectia Client, and Red Hat Enterprise Linux. Not interesting for ordinary desktop users.

Of the other 5, 1 was in KDE, so that wouldn't affect 100% of Linux users, let's be generous (the most popular free distros use Gnome) and say that's 50% of users.

Of the other 4, 1 seems to work on general Linux systems (sys_remap_file_pages() bug).

Of the other 3, 1 requires the USBLCD driver to be used or only gives group privilege escalation, 1 requires Intel G33 series or newer chipset, and 1 requires that the kernel is running as VMI guest on a x86 system. How many boxes does that cover? Not many, except perhaps for the Intel chipsets --- let's say another 50% (because I have no idea what market share Intel has).

So that's something like 2, maybe 2.5 bugs in all of 2008. Is that "many"? Matter of opinion.

So, in summary, between 10% and 25% of the reported bugs were really mainstream.

User Journal

Journal Journal: No, I'm not mathinker@ebay

Just in case you wondered.

I'm not studying to be a CFA either... nor am I

In fact, if a "mathinker" is trying to sell or buy from you, it's not me...

Slashdot Top Deals

"Ask not what A Group of Employees can do for you. But ask what can All Employees do for A Group of Employees." -- Mike Dennison