Let the games begin...
I look forward to intelligent discourse re the pros and cons of one OS over another now....
A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege …
"They don't mean physically local I believe"
From the article:
"The vulnerability is nasty but it'd be a whole lot worse if it were to lend itself to being remotely triggered, like ShellShock and its ilk. This flaw does not fall into that category, fortunately."
That suggests a physically present attacker. I guess someone on a RAT or something might be able to make use as well, though tbh if someone has a RAT on your machine already then he might as well be in the room with you anyway.
I'm fairly sure a local user is just someone with a user account on the machine. It doesn't matter where they are. "remotely triggered" means triggered remotely by anyone with a network route to the machine over some network protocol (e.g. HTTP or FTP) with or without a user account on the machine.
If I read this correctly you need a user account on the machine. Which means it should be fairly difficult for some unknown person to get in... unless they're exploiting another problem or lax area of security.
Then, if I read this correctly, they need to have access to a SUID script... something most people don't allow. Only then can they trigger this "exploit", so I don't think it's exactly an "open goal" .... unless I've misunderstood.
Having said that I'll make sure I'm patched :-)
> and moans that Windows need a reboot after patching,
While Windows does need a reboot after an update that replaces or patches the kernel, it also needs a reboot because Windows cannot delete or replace a file that is open due to the way the file system is designed. As many library files are open on a running system then it almost always needs a reboot so that files can be deleted and replaced during start up and before they are opened.
Unix-like systems using an inode file system can delete and replace files that are open because the file name is not directly linked to the data blocks but is done through the inode. An open file can continue to use the original inode while the update creates a new inode with its own set of data blocks and the file name is linked to the new inode. The old inode and its data are deleted when all processes have closed the old inode.
This means that the vast majority of updates do not require a reboot. Some systems will do in-flight kernel patching that also does not require a reboot.
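The inode behaviour described in the comment above, as an added example that is not part of the original thread. It goes one step further and also picks out, from constructed `/proc/<pid>/maps` lines, mappings whose file has since been replaced, since those processes keep running the old code until they are restarted. The file names, sample data and function names are assumptions made for the illustration.

```python
import os
import tempfile

def replace_while_open(old=b"library v1\n", new=b"library v2\n"):
    """Replace a file on disk (POSIX) while a descriptor to the old version is open."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "libdemo.so")        # constructed file name
        with open(path, "wb") as f:
            f.write(old)
        running = open(path, "rb")                  # stands in for a running process
        old_ino = os.fstat(running.fileno()).st_ino
        tmp = path + ".new"                         # updater writes a new inode...
        with open(tmp, "wb") as f:
            f.write(new)
        os.rename(tmp, path)                        # ...and relinks the name to it
        new_ino = os.stat(path).st_ino
        with open(path, "rb") as f:
            fresh = f.read()
        result = {
            "inode_changed": old_ino != new_ino,
            "running_sees": running.read(),         # still the old data blocks
            "fresh_open_sees": fresh,               # the new name -> new inode
        }
        running.close()                             # last user gone: old inode is freed
        return result

# Constructed /proc/<pid>/maps lines; the second mapped file was replaced on disk.
SAMPLE_MAPS = """\
7f2a1c000000-7f2a1c1b0000 r-xp 00000000 08:01 131090 /usr/lib/libexample.so.1
7f2a1c400000-7f2a1c5c0000 r-xp 00000000 08:01 131077 /usr/lib/libdemo.so.1 (deleted)
7ffd3a1e0000-7ffd3a201000 rw-p 00000000 00:00 0 [stack]
"""

def stale_mappings(maps_text):
    """Return paths of file-backed mappings whose on-disk name no longer exists."""
    marker = " (deleted)"                           # suffix Linux adds for unlinked files
    stale = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)                # addr perms offset dev inode path
        if len(fields) == 6 and fields[5].endswith(marker):
            stale.append(fields[5][: -len(marker)])
    return stale

if __name__ == "__main__":
    print(replace_while_open())
    print(stale_mappings(SAMPLE_MAPS))
```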
<sigh> The difference is that it seems like *every* Windows patch session requires a laborious install, then a reboot, then another laborious bootup while it's "Getting things ready." or whatever it's doing, as it certainly doesn't share that information with you, then perhaps yet another reboot if the Windows kernel is being replaced.
At least with Linux, 95% of the updates are speedy, verbose if you want them to be, and do not require a reboot. My only complaint with Linux kernel updates is that after the reboot you often have to struggle with your graphics drivers no longer working, at least if you use a proprietary driver and not the underachieving ones included with Linux. But IMHO, the overall pain is far less than what MS gives you.
Ah, yes, that irritating
Configuring Windows Updates, do not turn off your computer
time sink of 5 or more minutes
Configuring Windows Updates
time sink of 5 or more minutes
desktop shows up, circle of death spinning as Windows tries to 'get its act together'
click on a shortcut to a program, circle of death starts spinning, nothing happens
click again, another circle of death, and finally, two instances of the program appear
Boss screaming about me fucking off, but I can't do shit until Windows gets its act together
And people wonder why I personally abandoned Windows more than 10 years ago? Until I retired, I still had to contend with that piece of shit O/S at work.
Made of olives (with pips removed), carrots, goat's cheese.
1. Peel carrots, cut them in discs, cut out a segment to be used as beak.
2. Cut half the olives sideways, stuff with goat's cheese.
3. Place the beaks in the other half of the olives, using the opening created when the pip was removed.
4. Place carrot discs, goat-cheese-stuffed olives, carrot stuffed olives above one-another and use a toothpick to attach.
5. Serve with a St Emilion Grand Cru [Classé]
Exactly what I will bring to work next time the guyz from Accenture show their backsides 'round 'ere ...
"Just run your usual package management tools to install the patched kernels and reboot."
I guess some, maybe even most, can make this work. But for me this will involve desperately trying to create more space on /boot (not my decision to make it tiny, it's what the installer did by default, although in fairness to the installer vmlinux and friends are a lot bigger now than they were when it was written).
Then it'll involve messing around in an 800x600 window trying to figure out what spell it takes to make the graphics work at proper resolution. I have to do this for every new kernel yet somehow can never remember what variables and symlinks need to be in place to get the driver to rebuild.
An 800x600 window? Luxury! My mythtv box has the same res (hey, analog TV-out...), but I have to additionally remember NOT to switch off the machine when it hangs at every kernel update, because after 40 (yes, FORTY) minutes it will actually realize I have no FDD then un-hang itself and proceed booting, and that's the only way it will ever boot again...
You do nobody any favours by touting one over the other. Blind devotion to one OS over another is pointless, they are tools. By all means have a favourite but choose the tool for the job and always keep your eye on competitors.
Many of us will favour Linux, others Windows but one thing I think we can all agree on is that they both need work and neither is perfect.
"What a pointless and vapid comment!
You do do favours by touting one over the other and the obvious one to tout is Linux. Other readers may start to understand why people care about the differences if they are identified and detailed!"
What a pointless and vapid comment - just what I'd expect from a blinkered penguinista
Each has their place and until the penguins (SOME - NOT ALL) start acting like grown ups it will never see the light of day as the year of Linux on the desktop.
Fully expect advanced muppetry in reply.
no Kermit vuln would be exploited by anyone other than an Animal! Just keep a Sam Eagle eye out and hold out your patch Beaker before Crazy Harry takes it to Penguins.
If Windows is Gonzo win the OS war then I for one will jump off Clifford. Bobo Bear with me for a second, I can hear Miss Piggy automating some virtual machines now with the Swedish Chef - ha, what about Puppet?
Flame wars, keep away from the non fire retardant entertainment systems, Statler and Waldorf would laugh at such a pointless and vapid argument