* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
— Simone Margaritelli (@evilsocket) September 23, 2024
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR
Unauthenticated RCE vs all GNU/Linux systems (plus others), disclosure due in 2 weeks
https://x.com/evilsocket/status/1838169889330135132
- 65
- 61
Jump in the discussion.
No email address required.
NOOOO LINUX CANT BE EXPLOITED NOOO SECURITY THROUGH OBSCURITY NOOO
Jump in the discussion.
No email address required.
NOOOO THAT DOESNT COUNT WINDOWS IS CLOSED SOURCE THERE COULD BE 8 GORILLION BACKDOORS IN THERE NOOOO
Jump in the discussion.
No email address required.
Anybody who uses Linux on desktop should have a pretty good idea what passes for security most of the time.
Jump in the discussion.
No email address required.
Bro you keep mass coping about desktop vs laptop lmfao
Jump in the discussion.
No email address required.
Laptops are known to be less secure, idiot
Jump in the discussion.
No email address required.
Sure okay
Jump in the discussion.
No email address required.
I use linux for everything and I can attest that linux security is terrible. They gave up on kernel hardening a long time ago and there is effevtively no sandboxing at all in userspace.
Pretty much all security is terrible everywhere, but linux may be one of the worst because "just dont compile and install malware lmao" has been "effective enough" security for a while.
So its a matter if you can obscure malware in source code rather than binaries. But the good thing is that static analysis of source code is far better than static analysis of binaries (antivirus is pretty useless just uses binary heuristics)
We need some sort of rust-like languge/ static analysis tool that works together witb userland sandboxing that is real easy to use (more like BSD Jails, less like apparmor).
Jump in the discussion.
No email address required.
LMFAKOOOOOOOOOOO
Jump in the discussion.
No email address required.
PaXbros...
https://lwn.net/Articles/721848/
https://madaidans-insecurities.github.io/linux.html
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Yet another r-slur who has no idea what hes talking about.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
No I mean desktop as in desktop Linux- not android.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
More options
Context