[hackernudes]

LPE = local privilege escalation

Too many darn acronyms. This one wasn't too hard to figure out from context but I wish people would define acronyms before using them!

[arcfour]

LPE is a very well-known acronym within the security community, it's not purely academic or obscure or anything.

I agree that it would be a good idea to define it explicitly when writing for a broader audience, but I don't think it's particularly egregious that they didn't. It's certainly something I could see myself forgetting.

Then again, the whole writeup appears to be AI-generated, so...

[globular-toast]

Sure, but the target audience of copy.fail is surely not the security community but regular sysadmins who probably don't otherwise follow as closely.

[a96]

I would absolutely expect a sysadmin in particular to know and understand the term and acronym.

[globular-toast]

Well I would expect a sysadmin to have already been following the kernel mailing lists and not even need to look at copy.fail.

In fact, why do people even write stuff down? Everyone should just know everything.

[SoftTalker]

It's still just courteous to define acronyms on first use, it doesn't take any real effort to do that.

[a96]

Very much true, and I would never criticize that. Just that this term would be particularly obscure to a sysadmin which seems completely backwards.

[plg94]

Understanding a term with the help of context is very different from guessing what the letters of an acronym might mean. The latter is more like a crosswords puzzle, and a totally unneccessary task for the reader.

[1970-01-01]

It is nowhere near this. There are very few acronyms in the IT world that are actually well-known outside of it. LPE is less well-known than LVAD or MCU.

https://www.acronymfinder.com/Information-Technology/MCU.htm...

https://www.acronymfinder.com/LVAD.html

https://www.acronymfinder.com/Information-Technology/LPE.htm...

[dataflow]

> LPE is less well-known than LVAD or MCU.

I knew what LPE stands for but not the others. (I've seen MCU mentioned and kinda had a vague feeling for what it is. Never even seen LVAD.)

[ButlerianJihad]

To be fair, I just consulted 3 cybersecurity glossaries (SANS.org, NIST CSRC, Huntress), and none of them list "LPE" nor "Local Privilege Escalation".

If you type "LPE" into English Wikipedia's search bar, and press "Enter", you'll be sent to a disambiguation page which contains a link to the relevant article.

https://en.wikipedia.org/wiki/LPE

[jjordan]

Good writing for a broad audience requires it. Unfortunately the LLMs don't tend to adopt this guideline.

[boston_clone]

it’s a CVE write up; the audience for these knows what an LPE is.

[acdha]

That’s very optimistic. I’d bet there are an order of magnitude more people wondering how exposed they are than security researchers reading this.

[staticassertion]

https://duckduckgo.com/?q=LPE+security&ia=web

wow

[acdha]

Sure, nobody’s saying it’s an inscrutable mystery but if your goal is to inform a wide audience it’s considered good form to expand all but the most common acronyms. It’ll even get you more internet points than petty smugness.

[staticassertion]

I think sysadmins should learn the term LPE tbh

[hackernudes]

I've read many CVEs (somehow that acronym is ok... heh) but have never seen LPE despite being familiar with the concept.

[staticassertion]

That seems literally borderline impossible.

[smaudet]

You should re-evaluate your probabilities, I too have heard frequently of CVEs, but never of an LPE.

[staticassertion]

I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.

[dataflow]

I think they've almost certainly seen it written out, just not as an acronym. I figured out what it stood for based on context and knowing the full phrase, but I don't recall actually seeing the LPE acronym in recent memory. Whereas with CVE it's the opposite: I almost never see it written out, and even now find it non-obvious what the E stands for, bizarrely enough.

[stackghost]

I could see it for someone who is only somewhat in tune with security work today.

Back in the day those of us breaking into shitty php sites didn't use LPE, we used "privesc", IIRC.

[no-name-here]

Content at the OP link http://copy.fail seems fairly different from any normal CVE I’ve seen.

[1970-01-01]

I don't know why, but newer writers have never been taught to expand their acronyms on first use. I blame the US education system.