TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

0% Positive

Analyzed from 244 words in the discussion.

Trending Topics

#user#multiuser#linux#single#malware#install#bin#false#security#systems

Discussion (11 Comments)Read Original on HackerNews

bestouffabout 2 hours ago
Lots of privilege escalations these days. But are there that many multiuser Linux systems nowadays ? I'm under the impression the whole landscape is either servers or single-user desktops (and ofc Android phones).
dathinababout 1 hour ago
> many multiuser Linux systems nowadays

not relevant IMHO

we don't live anymore in a time where you can trust that local apps do not misbehave, and in such a context LPE is pretty bad even in a single user system

just thing about all the supply chain problems of recent times

zahlmanabout 2 hours ago
I impersonate multiple users on my machine for organizational reasons.

LPEs also potentially make user-level malware into system-level malware, which is only marginally more impactful for a single person on a desktop, but considerably harder to clean up. (It also broadens the range of what such malware could exfiltrate from me.)

riedelabout 1 hour ago
Many university HPC clusters are run multiuser. At least login nodes.
INTPenisabout 2 hours ago
The idea is that you can exploit a service hosted on Linux to run these.
nubinetworkabout 2 hours ago
At what point do we all start rolling our own microkernels? This is kind of getting silly now... 4 now in the past month?
craftkillerabout 2 hours ago
I hate that the Qubes OS people were right.
itintheoryabout 2 hours ago
Sounds like this one is in the same kernel modules as dirtyfrag, so the existing mitigations (if in place) are sufficient.
chasilabout 2 hours ago
RedHat's mitigation is this:

  $ cat /etc/modprobe.d/dirtyfrag.conf
  install esp4 /bin/false
  install esp6 /bin/false
  install rxrpc /bin/false
Are those correct for this exploit?

https://access.redhat.com/security/vulnerabilities/RHSB-2026...

itintheoryabout 2 hours ago
Yep, that's the advice from AWS for the previous set of vulnerabilities:

https://aws.amazon.com/security/security-bulletins/2026-027-...

That one also includes disabling user namespaces. Could be problematic if they're in use.

LawnGnomeabout 2 hours ago
I don't know, but the problem with blocking esp4 and esp6 is that IPsec stops working, as I understand it.