'/usr/bin/su' and '/bin/su would never be in the memory cache at all ... by default ... except in systems that run entirely in memory.

Perhaps suid binaries should have special sandboxing for forcing them to be read from protected media into sandboxed memory addresses.

Maybe that would be a tougher nut to crack?

#Linux #Fragnesia #DirtyFrag #CyberSecurity #Exploits

Remember 7.0.5/6.18.28 kernels? These that had one #DirtyFrag fix but #Gentoo had to backport the other?

Today's 7.0.6/6.18.29 kernels have the other fix. But #Gentoo kernels also backport a fix for that fix 🤦. https://lore.kernel.org/all/agDTmXM2wXnJflYc@v4bel/

As usual, thanks to @thesamesam for finding the patches needed.

#Linux

Anyone else here so worried about #DirtyFrag that they feel they can't use their Linux computers until it's fixed?
Is that rational do you think or am I just being paranoid?

When #CopyFail came out I made sure to update the kernel immediately.

#Linux #cybersecurity

I have a daft question about #CopyFail and #DirtyFrag

I have some old Linux appliances which aren't getting updates any more (security cameras, amps, Android tablets etc).

Assuming I can log in as a normal user, does this mean I can get root on them?

I guess they need to be sufficiently modern to have these vulnerabilities - but in theory it should work, right?

#CyberSecurity

#DirtyFrag: Universal Linux LPE

https://github.com/V4bel/dirtyfrag

#cybersecurity #Linux #FOSS

New #Gentoo Distribution Kernel batch went stable just now, with fixes for both variants of #DirtyFrag for the newest kernels, and fix + mitigation for older versions where no fix exists yet.

Thanks to @thesamesam for the patches!

RE: https://fedi.lwn.net/@lwn/116538328401421358

The patch to fix the second half of #DirtyFrag is at its third iteration now: https://lore.kernel.org/all/af2kdW2F1gJ9U-Gg@v4bel/

#LinuxKernel #kernel #Linux