Linux

65253 readers

1594 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

191

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available (github.com)

submitted 1 week ago by rabber@lemmy.ca to c/linux@lemmy.ml

75 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] CodenameDarlen@lemmy.world -1 points 1 week ago (26 children)

What's up with all these vulnerabilities?

Kind of worried to be honest, two in like a week? Pretty scary.

I'm very dumb about Linux technical stuff but I feel like root access is way too easy to be accessed.

Is there any way to make it harder? I mean let's say similar to Android, you need to unlock the boot loader first, flash a recovery and flash Magisk or something, that's a good layer before root access.

At least for Linux Desktop, maybe make it so we can get root access only via a bootable USB with a correct password? Just for sporadic system changes.

Is there anything like that?

[–] Ooops@feddit.org 5 points 1 week ago

Setups like Android or those new fancy ummutable distros don't actually make anything more secure. If the underlying OS is drectly exploited they don't protect you. Not having a mechanism included to get you root permissions regularly, doesn't help you against exploits achieving the same in unplanned ways. In fact -allthough that's a minor issue- you can probably specifically target the latter distros even after a patch: After all we are talking about direct changes to binary code here. On that level you could get ideas about manipulating the overlay to access the unpatched files.

In the end the most effective way to be more secure is not a mass produced thing like Android that locks out everyone (and not even being that good at it because there are masses working to circumvent it to get control over their device back), but to minimise you attack surface: Don't have stuff activated you don't need. Have a kernel compiled for your device with only exactly the components you really need. Or whitelist all kernel modules you need and nothing more. Explicitly declare what a user can do and access actively (see: SELinux, AppArmor with strict policies) instead of relying on the underlying passive permission system.

load more comments (25 replies)