"All the boring bugs are way more important" is misleading #3

Open
Karunamon opened this issue Oct 20, 2016 · 7 comments

Comments

@Karunamon

> In fact, all the boring normal bugs are way more important, just because there's a lot more of them. I don't think some spectacular security hole should be glorified or cared about as being any more "special" than a random spectacular crash due to bad locking.

This is... wrong. Really, horribly, terribly, dangerously wrong.

While I share no love for this new meme of cute sites and marketing names for security bugs, privilege escalation > denial of service, and that goes double at the kernel level. It's the difference between having your website defaced and having your customer data leaked or your machine joined to a botnet.

This is not equivalent to the other 5,000 bugs on CVE this year because:

  • It's kernel level
  • It's privilege escalation
  • It's been around for nine years
  • It's being exploited in the wild
  • Every OS vendor is treating this as deadly serious.

Please consider treating this bug with the respect it deserves. Your site, as written, could lead someone to believe that it's a non-issue.

Karunamon added a commit to Karunamon/dirtycow.github.io that referenced this issue Oct 20, 2016
@dirtycow
Owner

This is a quote from Linus Torvalds. http://yarchive.net/comp/linux/security_bugs.html

@Karunamon
Author

I know, but this is still wrong. Your page is now coming up in Google results for this bug, and as written, someone who doesn't follow Linus Torvalds quotes would think this is a trivial thing.

@I2obiN

I2obiN commented Oct 22, 2016

Dunno, kinda feel it's a bit early to jump the gun on this one. It's not really privilege escalation, and relying on read-only file protection as a means of opsec access control isn't smart for any organization or user.

@ivan

ivan commented Oct 22, 2016

Are you joking around? You can probably get root just by writing over a password field in /etc/passwd, and probably in a dozen other ways.

@ivan

ivan commented Oct 22, 2016

See rapid7/metasploit-framework#7476 which seems to replace a setuid root binary.

@dirtycow
Owner

Cheer up, Ivan. You know what they say. Some things in life are bad, they can really make you mad.
Other things just make you swear and curse. When you're chewing on life's gristle, don't grumble, give a whistle! And this'll help things turn out for the best

@I2obiN

I2obiN commented Oct 22, 2016

I actually did try testing out exactly that this morning except it was /etc/shadow, couldn't get it to add anything, but yes you could craft a sudo user or something I'd guess.
