User Journal

Journal Journal: I am NOT anonymous

http://yro.slashdot.org/comments.pl?sid=2319574&cid=36745572

% echo -n "I am Mathinker, my salt is UAeqTvlu" | md5sum
efb98ed34ba58ecd29b07b1909d21da3 -

Journal Journal: 2008: Linux privilege escalation bugs

Just want to store this research somewhere where I can link to it easily. (Original post).

If one analyzes the 10 Linux privilege escalation bugs reported for 2008 at Secunia one finds:

Of those, 5 were in proprietary software packages for Linux: Acrobat Reader, MaxDB, Avaya, SSH Tectia Client, and Red Hat Enterprise Linux. Not interesting for ordinary desktop users.

Of the other 5, 1 was in KDE, so that wouldn't affect 100% of Linux users; let's be generous (the most popular free distros use Gnome) and say that's 50% of users.

Of the other 4, 1 seems to work on general Linux systems (sys_remap_file_pages() bug).

Of the other 3, 1 requires the USBLCD driver to be used or only gives group privilege escalation, 1 requires Intel G33 series or newer chipset, and 1 requires that the kernel is running as a VMI guest on an x86 system. How many boxes does that cover? Not many, except perhaps for the Intel chipsets --- let's say another 50% (because I have no idea what market share Intel has).

So that's something like 2, maybe 2.5 bugs in all of 2008. Is that "many"? Matter of opinion.

So, in summary, between 10% and 25% of the reported bugs were really mainstream.

Journal Journal: No, I'm not mathinker@ebay

Just in case you wondered.

I'm not studying to be a CFA either... nor am I mathinker@rareaviation.com

In fact, if a "mathinker" is trying to sell or buy from you, it's not me...
