Security vulnerability found in Rust Linux kernel code(git.kernel.org)
29 pointsby lelanthran5 hours ago5 comments
  • aw16211074 hours ago
    Effectively a dupe of this thread from ~14 hours ago: https://news.ycombinator.com/item?id=46302621 (130 comments as of this comment)
  • thesz3 hours ago
    The mistake there is a classical example of why (software) transactional memory is valuable. Double linked lists are trivial in single core execution, need PhD level understanding of everything in multicore execution and become trivial again in multicore execution with (S)TM.

    Rust has troubles with STM because it lacks anything resembling effect system. Most probably, this will not be fixed.

  • dizhn4 hours ago
    The URL this points to does not say anything about security. There's an example of a race condition causing memory corruption and a crash.
  • arowthway2 hours ago
    I hate this bot-detection anime girl popping up on my monitor while I pretend to be working. Same goes for the funny pictures at the beginning of some Github readmes. Sorry for complaining about a tangential annoyance, but I haven't seen this particular sentiment expressed yet.
    • megnuan hour ago
      I use a uBlock Origin filter to block the anime girl from loading:

        ! Title: Hide Anubis Image
  */.within.website/x/cmd/anubis/static/img/*.webp$image
    • sebtron2 hours ago
      Normally I don't mind, but on this page it took at least 15 seconds for me.
    • jraphan hour ago
      It is expressed very often.
    • udjdndndjdjr2 hours ago
      I had an idea!

      Instead of using this to do some proof of work, why not just get the bot detector to mine bitcoin or something...

      I mean it is just as useless... And at least the website gets some money back from the raw extraction of data now happening...

      Edit: speeeeeling

  • pityJuke4 hours ago
    Within the Android drivers, right?
    • jeroenhd4 hours ago
      Technically, binder is still part of Linux, even if it's not enabled by default in many cases.

      This "security vulnerability" is just a local DoS though. Annoying and problematic as it effectively bypasses controls over power on/off behaviour, but as far as I can tell from this report, no memory is leaked and no code execution can be achieved.

      • yourdetect3 hours ago
        It's UB, it is not memory safe, so in theory, and often also in practice with this specific kind of bug, absolutely anything could happen, including code execution.

        Greg Kroah-Hartman's comment is both wrong and perplexing.

    • uhfraid4 hours ago
      yes