This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide.
For exploiting a privilege escalation the attacker must be able to run their own code on your machine. If you let them do such things, you already have more than enough security problems in the first place.
Except for supply chain attacks. You get a foot in the door, and open the rest with impunity
Yes, but still a privilege elevation bug is still less risky than a remote execution one.
They’re replying to the victim blaming mentality of “if you let them then you have bigger problems” in your comment. Not your point about it being less dangerous than remote execution.
Feeling pret-ty smug about my Windows 10 machine rn ngl
Your Windows 10 machine? Microsoft disagree.
Local attacker? So on your LAN
And that kids, is why we are pushing for Rust in the Kernel
But… You dont understand, Rust is the devil! If Rust were made the kernel’s main language it would terrible because that would mean change 😭😭😭
But then the kernel wouldn’t be free! Free as in ‘use-after-free’!
(/s in case it wasn’t obvious)
Yay! Pick an arbitrary solution to a problem just because it’s different and shiny! The shine will fix it!
Okay, then why we need to use a language that has more in common with OCaml? What about using a better C instead?
Magical pills do not exist. Better start pushing old fuckers incapable of learning out of the project (yeah, I don’t like this kind of treatment of Rust just because it is not C either)
Old fuckers exist to protect young fuckers from throwing out the baby with the bath water.
I’m referring to the ageism implied in the statement, I don’t care about C vs Rust any more than I care about vi vs emacs or KDE vs Gnome.
Old fuckers have experience, they have seen many next big things come and go, that’s why they seem slow to adopt new stuff. Of course this annoys new fuckers a lot, as they want to play with their new shiny toys now.
Patience is a virtue, young grasshopper.
Ooh, so “get out with this Rust, I ain’t gonna think about when writing my code” is protecting a baby now?
Lol. You have no idea what you are talking about about here 😂
Granted, I was mostly shit posting. But in all seriousness: wouldn’t Rust prevent that kind of exploit by inherent design?
Due to Rust’s ownership semantics, when we free a value, we relinquish ownership on it, which means subsequent attempts to use the value are no longer valid.
https://stanford-cs242.github.io/f18/lectures/05-1-rust-memory-safety.html
Improbable. Everything has bugs that surface. See my other link, or look yourself. There have been plenty of security fixes for Rust. It’s not bulletproof, just like anything else, just less likely specifically for certain memory attacks to be vectors.
Clearly you have no idea. Rust makes this kind of bug impossible.
WOW. No, it would make it improbable. It’s not like there can’t be zero-days for Rust, bud. This particular attack vector deals with memory handling, and sure, Rust’s main feature is memory security and management. Doesn’t mean there aren’t bugs to exploit there.
https://linuxsecurity.com/features/rise-of-rust-based-malware
Neither do I. What’s Rust in this context?
Rust is a programming language which was designed to be memory safe without any of the overhead caused by traditional memory safety techniques employed by existing languages (namely, garbage collection and reference counting). It does this by shifting the memory management from happening at runtime to happening at compile time. The compiler forces the programmer to follow certain rules to ensure that their program can be proven to be free of errors such as use-after-frees and double-frees. Because of this design philosophy, Rust is a good fit as a replacement for C, because it can do everything that C can while ensuring the programmer doesn’t make any mistakes with regard to memory management.
