31 points by mikece 4 hours ago | 4 comments
  • bestouff 3 hours ago
    Lots of privilege escalations these days. But are there that many multiuser Linux systems nowadays? I'm under the impression the whole landscape is either servers or single-user desktops (and ofc Android phones).
    • dathinab 2 hours ago
      > many multiuser Linux systems nowadays

      not relevant IMHO

      we don't live anymore in a time where you can trust that local apps do not misbehave, and in such a context LPE is pretty bad even in a single user system

      just think about all the supply chain problems of recent times

      • bestouff 31 minutes ago
        I would say that in a single-user system LPE isn't even needed. The moment you run malicious code all bets are off. No need to compromise the system when all your data is under "enemy" control.
    • zahlman 3 hours ago
      I impersonate multiple users on my machine for organizational reasons.

      LPEs also potentially make user-level malware into system-level malware, which is only marginally more impactful for a single person on a desktop, but considerably harder to clean up. (It also broadens the range of what such malware could exfiltrate from me.)

    • INTPenis 3 hours ago
      The idea is that you can exploit a service hosted on Linux to run these.
    • riedel 2 hours ago
      Many university HPC clusters are run multiuser. At least login nodes.
  • nubinetwork 3 hours ago
    At what point do we all start rolling our own microkernels? This is kind of getting silly now... 4 now in the past month?
    • craftkiller 2 hours ago
      I hate that the Qubes OS people were right.
  • itintheory 3 hours ago
    Sounds like this one is in the same kernel modules as dirtyfrag, so the existing mitigations (if in place) are sufficient.
  • TMWNN an hour ago
    UnRAID has released two point upgrades in the past two weeks because of the previous AI-found vulnerabilities. Here we go again!