Linux exploit gives root access, goes unnoticed for NINE years

Thread replies: 136
Thread images: 17

File: 1468506813564.jpg (41KB, 263x383px)
Linux exploit gives root access, goes unnoticed for NINE years

http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/

jesus christ just pack it in guys
>>
File: 1446479271927.jpg (474KB, 920x900px)
DELETE THIS WINTODDLER
>>
"The systems using a Linux kernel are right now running with security flaws," Cook wrote. "Those flaws are just not known to the developers yet, but they’re likely known to attackers."
>>
So glad I use an OS made by actual programmers not a tree house hobbyist project that anyone can poke holes through like swiss cheese
>>
>>57164173
>tree house hobbyist project
kek'd
>>
that's only one of the seven the government is sitting on. Enjoy your "muh secure" OS.
>>
>use Linux
>have exploits that don't get patched for 9 years
>use windows
>Microsoft sells exploits to Israel and the NSA
>use BSD
>Never do anything on your computer
>Use TempleOS
>Have access to the greatest operating system of all time with literally flawless security and all the programs and tools you'll ever need
Why haven't you switched yet?
>>
It's funny how people don't think the NSA/CIA has people who infiltrate open source projects and organizations and do the government's bidding.
>>
>This is an ancient bug that was actually attempted to be fixed once by me eleven years ago
AHAHAHAHA OH WOW

https://lkml.org/lkml/2016/10/19/860
>>
and it's patched
>>
>>57164414
only 35 more remains that will be patched next decade
>>
>Bug is discovered
>Patch is made and distributed immediately to all distributions
>Somehow supposedly much worse than when all of this happens behind a veil of secrecy and is only distributed to the latest versions of Windows
It's a bit like when macfags laugh about how macs don't get trojans the same way windows does due to gatekeeper keeping people from installing shit off the internet. The fact that you don't know about something like this happening behind the scenes doesn't make it any better.

Oh well... It's not like /v/ is going to stop leaking microbabbies any time soon.
>>
>>57164279
anon you must delet this at once
>>
>local privilege escalation
Wow it's fucking nothing
>>
>>57164474
more like they will be patched as they are found i mean the kernel is opensource so if you are that concerned about it then find them yourself or pay someone else to find them
>>
>>57164128
This is true of all operating systems.
>>
every single OS has countless backdoors that are circulated or haven't even been discovered yet
>>
Do you fools not think Windows/Apple has the same problems? They're just not made public.
>>
Are you implying this shit doesn't happen on Windows every week?
>>
>>57164503


>Somehow supposedly much worse than when all of this happens behind a veil of secrecy and is only distributed to the latest versions of Windows

The fix is only available in the latest kernel retard, it's up to the devs of every distro to backport the fix to whatever version of the kernel they use. So it's only going to be backported to supported kernel versions.

>bu bu muh veil of secrecy
>>
Guys stop replying to this low effort garbage
>>
>>57164670
shutup this is the most informative post on /g/ in weeks
>>
File: linustorvalds.jpg (51KB, 658x364px)
>>57164563
>>57164582
>>57164662
>>57164670
>All this denial
>>
>>57164539
>just sort through every single line of code in the kernel

Sure.
>>
>>57164120
saved
>>
File: 235235235235.jpg (18KB, 300x237px)
So does this mean every android phone has a fresh new exploit?
>>
>>57164711
>one irrelevant beg went under the notice
SHUT IT DOWN

>Losedows users clinging to this small security bug when Windows sends reports to the NSA out in the open
KEK
>>
>>57164762
Yes. Also,

>average lifetime of a Linux bug is five years.

Lol.
>>
File: 1263397833989.jpg (30KB, 411x334px)
>>57164104
>Disclosure of the nine-year-old vulnerability came the same week that Google researcher Kees Cook published research showing that the average lifetime of a Linux bug is five years.

5 YEARS
>>
File: file.png (411KB, 524x720px)
wtf i hate linux now

moving to the best os
>>
>>57164749
i mean you could also stop spazzing and realize all OSes have exploits
>>
>>57164667
this is why LTS kernels exist
>>
>>57164104
Does it work on Android?
>>
>>57164799
Yes, but with closed-sourced OSs you don't even know that there is a bug, nor even for how long.
>>
>>57164999
Yeah, and since attackers don't get to read the source code, they don't know it's there.
>>
>>57165008
>since attackers don't get to read the source code
But they do, they get it handed on a silver platter.
>>
File: 1475888418850.jpg (88KB, 801x567px)
>>57164212
>muh "gubberment"

fuck off bootlicker.
>>
>>57165374
Oh yeah. I guess that's why all anti-virus software is open source. /s
>>
Daily gentle reminder that Windows 10 acts like an exploit/vulnerability/trojan as standard.
>>
This is why nobody takes Linux seriously
>>
>>57164104
Nine year old flaw is discovered. Gets patched. Film at eleven.
>>
>>57164279
It's also funny how people don't think the NSA/CIA has people who infiltrate popular online gathering places and do the government's bidding by spreading fud about linux, tor, encryption, etc.
>>
>>57164104
B-b-b-but linus torvald is a geneeous, he'd never let garbage commits through!111
>>
>>57166219

Whatever you say means nothing compared to the shitfest that Linux is as OP has proven.

You Linuxfags like to claim your high horse muh security bullshit while all your communication is being logged even more than anyone else's as confirmed by the Snowden leaks
>>
>>57166583

/thread
>>
>>57166252
>This is why nobody takes Linux seriously
You mean like major scientific research centers, supercomputer developers, the US military, and Google server farm? Odd how they all use linux despite no one taking it seriously, eh?
>>
>>57166583
Shill detected. Badge number, please.
>>
>>57166583
>Whatever you say means nothing compared to the shitfest that Linux is as OP has proven.

Already patched.

>You Linuxfags like to claim your high horse muh security bullshit while all your communication is being logged even more than anyone else's as confirmed by the Snowden leaks

This isn't within the scope of Linux contributors and engineers but is a lot better than your baby OS.
>>
>>57165008
Reverse engineering is a thing that helps you to produce even more CVE for MS or Apple products. I don't even use CoW and hard to imagine android have this feature. That would be a memory hog.

>>57166583
Our horse is in the MS stable. Deal with it.
>>
>>57164104
>implying windows is better
>>
File: 2f7.jpg (94KB, 601x508px)
>>57164352
>willy
>>
File: 1471363794246.jpg (109KB, 798x650px)
>>57164104
mfw linux not only failed as a desktop OS but now a server OS
>>
File: 1468166448807.jpg (327KB, 920x900px)
>>57164120
a more conservative version of this image
>>
>>57164104
Patch was released weeks ago, I don't see any issues here
>>
File: 21428151304206.jpg (918KB, 1920x1080px)
Not even remote!
>>
>>57164254
>TempleOS has any network features?
>>
>>57164104
Hi shill.
>>
>>57164279
>It's funny how people don't think the NSA/CIA has people who infiltrate corporations and other companies that produce closed source proprietary software and do the government's bidding.
>>
>>57170123
Also mine :^)
>>
>>57164104
WTF I hate linux now!
>>
>>57164173
>actual programmers
$0.05 has been added to your account pajeet
>>
>>57171019
Is it you? :^)
>>
File: 1475012033749.png (45KB, 231x277px)
>>57166634
Yeah, they use Linux for their servers but hopefully never have to deal with it on desktop.
>>
>local privilege escalation
wow, thanks for the update rajesh.

I see it's fixed as well
>>
>>57171080
Actually many of them use it for desktop too. Took the b8. :)
>>
>>57171590
Wangblows #rekt
>>
>>57164120
anime pro here I use macOS
>>
>>57171066
>implying I'd ever be freetard
anon pls no
eww
>>
>>57170975
That's why it is that secure
>>
File: 1476064892214.png (183KB, 318x325px)
>>57164104
It's a bug where you would need a compromised piece of software or allow your computer to have multiple users via ssh, etc to someone not trusted
>>
>>57164104
Don't be daft, Linux is open source so every line is checked by thousands of highly component people on a daily basis, there is no way that Copy-On-Move could have a serious and reliable way for someone else to gain control of your computer.
>>
>>57166135
>/s
>>>/reddit/
>>
>>57171080
Pretty much purely linux for desktop in the sciences.
>>
File: MNDeKv45Gvw.jpg (54KB, 604x550px)
>>57172345
>thousands of highly component people on a daily basis

Actually not. Peer reviewers are on shortage even on Linux development too.
The thing MS shills don't know is, the Linux and any other OSS can have automated code review as they think it's not exist even on Linux too and talk about only "Linus' law". A maintainer who is know his code inside-outside is a must for every project (ie OpenSSL).
Sadly if we post every zeroday and other unpatched shit (Google made fun of MS in the past) then /g/ could be flooded with MS related CVE's. Sadly arstechnica need to produce b8 too as the usual paid it shitposting.
>>
>>57164104
I have always wondered how Linus Torvalds has a fortune of 100 million dollars. Now we know
>>
>kernel exploit
>stuck on Linux 3.18
Well fuck
>>
>>57166219
>using a insider preview
>complaining about spyware
>>
>>57174225
If you're using some mainstream distro the version number is only for feature parity. Security updates will be backported to it by your distro maintainer
>>
>>57174491
You mean even for a processor-specific kernel where development seems to have ceased I'm still going to get an update for this?
>>
>>57174511
If you're using some dead architecture/distro you might have trouble getting the update.
>>
i'm not an expert at systems programming, but doesn't this really strengthen the case for memory-randomization?
>>
It's fine, I'm using systemd.
>>
>>57174530
yes, all is well.
>>
I masturbate as I laugh every time some linux fag claims (mah free ware cant be haxore or infected" and than I write another packet just for them and send it off with a kiss into the world.
>>
>>57176154
Weed combined with shitposting not goes well for you.
>>
>>57166548
Don't know if you're being sarcastic or not. But the fact you all dumbasses allowed truecrypt to be completely burned down to the ground because it posed a future threat to the great us of a, proves your and my point.
>>
>>57177999
>Truecrypt
You should be using dm-crypt/LUKS if you're serious about security anyway.
>>
>>57164540
Even OpenBSD?
>>
>>57181160
No OS is perfect, just because there are no known security holes doesn't mean there are no security holes.
>>
>>57181193
Doubt

Please, give evidence of at least 3 different security vulnerabilities in OpenBSD this past year, that isn't due to the ports tree or X Window System.
>>
>>57181354
If they were known they were patched, dumbass. I'm talking about unknown vulnerabilities.
>>
>>57181362
Well of course they would be, fucktard.

But there probably aren't any new vulnerabilities if there were never any old ones.
>>
>>57181637
>But there probably aren't any new known vulnerabilities if there were never any old known ones.
FTFY
>>
>>57171949
can confirm, also a pedophile
>>
>>57181637
There's a first time for everything. There's always a chance a vulnerability known only by a certain few hasn't been publicised yet.
>>
>>57181694
You're fucking retarded, aren't you?

If an operating system with a relatively large userbase has no history of vulnerabilities, then it is safe to say that there aren't any.

>>57181764
That "first time" has come and gone.


Jesus fuck, I bet you're the same type of faggots who think that the number of reported rapes only make up for 5% of the actual amount of rapes in the US.
>>
>>57181900
>If an operating system with a relatively large userbase has no history of vulnerabilities, then it is safe to say that there aren't any.
Clearly you're the retard. Take Bash for example. It's much smaller than an OS and shellshock went unnoticed for decades.
>>
>>57181900
So you'd rather go with a "If nobody I know knows about X, then X doesn't exist" mentality? Oh, I see where this is going.

(You)
>>
>>57181963
Bash wasn't made with the intent of security being why they eat, sleep, and breathe.

>>57182046
Sure.

All you need are three vulnerabilities in OpenBSD that aren't due to the ports tree or the X Window System. Then I'll concede my point.
>>
>>57182101
>All you need are three vulnerabilities in OpenBSD that aren't due to the ports tree or the X Window System
Can't list unknown vulnerabilities, you fucking moron.
>>
>>57164667
>he doesn't use a rolling release distribution
>>
>>57174511
Install Gentoo if you want support for weird archs
>>
File: HLG.gif (194KB, 228x160px)
>not using mac os
>>
>>57164670
Who cares if you aren't bumping the thread?
>>
>>57182116
I didn't say they had to be unknown, fucktard.

How could you possibly know about them if nobody knows about them?
>>
>>57182133
Gentoo won't fix anything, you can't compile a kernel for a processor it doesn't support.
>>
>>57182151
What processor?
>>
>>57182145
See >>57181193
I was saying that I'd be surprised if OpenBSD didn't have unknown vulnerabilities. Then you were like lol list them retard

HOW THE FUCK DO I LIST UNKNOWN VULNERABILITIES, YOU FUCKING ILLITERATE TWAT?
>>
>>57182168
Ingenic JZ4780
>>
Good thing I switched to Mac OS when I got a job.
>>
>>57182174
If we want to get a bit philosophical, then: even if we could list one, then it wouldn't be unknown anymore, would it?

Thank goodness security isn't just about preparing yourself against known threats, but about potentially unknown ones too.
>>
>>57182197
MIPS32 based?
>>
>>57182248
Yeah
>>
>>57182174
No, I never told you to fucking list UNKNOWN vulnerabilities, you fucking dunce.

Maybe you ASSUMED that I did, but that was neither intended nor implied, fuckface.

HOW THE FUCK CAN YOU THINK I WAS ASKING YOU TO LIST UNKNOWN VULNERABILITIES YOU MOTHERFUCKING RETARD?
>>
>>57182257
>HOW THE FUCK CAN YOU THINK I WAS ASKING YOU TO LIST UNKNOWN VULNERABILITIES YOU MOTHERFUCKING RETARD?
BECAUSE I WAS FUCKING TALKING ABOUT UNKNOWN VULNERABILITIES. IF YOU ASK ME TO LIST THEM OF COURSE I'M GOING TO FUCKING THINK YOU WANT ME TO LIST UNKNOWN VULNERABILITIES, YOU FUCKING MONGOLOID.
>>
>>57182252
Gentoo can be built on MIPS32, if there's a site with kernel patches to enable some types of hardware that aren't on these devices listed on this page https://wiki.gentoo.org/wiki/Project:MIPS

You can set up a cross-compiler chain, build on a host OS with portage, and you even tell portage how to patch the kernel for you.
>>
>>57182301
No fucking shit Gentoo runs on MIPS32, the problem is that Linux does not support this specific processor. There's a fork that was working on gaining parity with the mainstream kernel development so they could merge into the actual kernel and they never made it past 3.18.
https://github.com/MIPS/CI20_linux
>>
Wouldn't this sort of shit happen all the time on Windows, except when they find out they just wouldn't tell anyone about it?
>>
>>57182270
I asked you to list vulnerabilities, you autistic fucking retard.

Where do you see the word "unknown" in >>57181354 , huh, dipshit?

You don't, because IT ISN'T THERE.

Not only that, but we've already established what I was asking beyond a reasonable doubt with >>57181637 .

Whatever, though.

I'll rephrase my question, though, so your dumb ass can actually comprehend it, as reading comprehension is not your strong suit.

Please, give evidence of at least 3 different security vulnerabilities in OpenBSD this past year, that isn't due to the ports tree or X Window System.

LIST AT LEAST THREE DIFFERENT SECURITY VULNERABILITIES IN OPENBSD THIS PAST YEAR, WHETHER KNOWN, UNKNOWN, PATCHED, UNPATCHED, OR OTHERWISE, THAT ISN'T DUE TO THE PORTS TREE OR THE X WINDOW SYSTEM.

Do you understand now, you massive fucking autistic faggot?
>>
>>57182374
Anon, you are beyond retarded. Do the world a favor and off yourself.
>>
>>57182330
I'm saying you'd have to write an ebuild to pull source from the git repo, patch it (with a patch that you'll have to write with inspiration from current implementations)
>>
>>57182397
Yeah, nah.
>>
>>57182384
Please, explain to me just why I'm retarded.

I'm all ears, and I'm still waiting for the answers to the clearly defined criteria I have outlined in >>57182374 .
>>
>>57182411
Because I was specifically talking about unknown vulnerabilities and you asked me to list vulnerabilities. Then I repeatedly explained this to you and you kept insisting you were right when you couldn't possibly be more wrong.
>>
>>57182407
Welp, that's what happens when you have unsupported toys you're unwilling to play with.

Wouldn't have to worry too much anyways because they'd have to get local access and push a compiled binary for your shit.
>>
>>57182439
Fuck off dumbass
>>
>>57182426
I don't understand how somebody can be this retarded.

The request for knowledge of unknown vulnerabilities was neither written nor implied.

I've repeatedly told you I did not explicitly request for such.

Not only that, but I have also explained my reasoning for knowledge of vulnerabilities in the first place.

I seriously don't understand why you have to be such a fucking faggot, especially now.

I have already catered my original question TO YOU. Now all you have to do is answer it.


Just stop going into FUCKING semantics and answer the question.
>>
>>57182426
> Because I was specifically talking about unknown vulnerabilities and you asked me to list vulnerabilities.
> you asked me to list vulnerabilities.
This is exactly right, and is what I have been trying to explain to you for the past half hour.

> Then I repeatedly explained this to you and you kept insisting you were right when you couldn't possibly be more wrong.
I don't understand how you could possibly imply this.
>>
>>57182546
I was specifically talking about unknown vulnerabilities. Any other form of vulnerability was irrelevant to the conversation. For you to ask me to list ANY kind of vulnerability is proof of your retardation as it's impossible for me to list any vulnerability I was talking about BECAUSE THEY'RE FUCKING UNKNOWN. Go back to >>>/r/eddit and take that shitty post formatting with you.
>>
>>57182579
I honestly don't know how you can be this retarded and still operate a computer. See >>57182580
>>
>>57182592
Just an anon not knowing what's being actually talked about, nothing else.

We're talking about >>57181193
>>
>>57182580
Un-fucking-believable.

"Irrelevant to the conversation" my fucking ass, because that's all you've been complaining about.

I've already given you my reasoning behind wanting the knowledge of vulnerabilities, why can't you just answer the fucking question?

> Go back to >>>/r/eddit and take that shitty post formatting with you.
Typical.

GAIAFAG 4 LYFE

>>57182592
Despite what you may have originally stated, I requested vulnerabilities, OF ANY KIND, and you still have not delivered.

> I honestly don't know how you can be this retarded and still operate a computer.
That's because I'm using a phone :^)
>>
>>57182635
How are known vulnerabilities even remotely relevant to a conversation about UNKNOWN vulnerabilities?
>Despite what you may have originally stated, I requested vulnerabilities, OF ANY KIND, and you still have not delivered.
Because A) they're irrelevant and B) THERE FUCKING AREN'T ANY. I NEVER CLAIMED THERE WERE. Jesus Christ anon seriously how the fuck are you alive?
>>
>>57182629
To which I countered with >>57181637
>>
>>57182666
To which I countered with >>57181694
>>
>>57182666
If it doesn't "click" with >>57182689 then I'm afraid we can't help you anymore.


This is a 4chan archive - all of the content originated from that website. If you need information about a Poster - contact 4chan. This project is not affiliated in any way with 4chan.