by ActorNightly 39 days ago
Because in order to exploit this, you have to have direct access to the computer. Either through malicious usb device, or by exploiting some supply chain or a known piece of software that will be willingly or automatically installed, and furthermore you need to be able to essentially run arbitrary terminal commands, which is a huge breach of isolation in that software.

If an attacker manages to do all that, it's already bad news for you. Escalation to root with this is the least of your worries at that point.

Like someone else below posted, https://xkcd.com/1200/

People need to understand what the vulnerability actually is before freaking out about it.


You are assuming that LPE only applies to the user that holds all the sensitive stuff. But it also applies to users created specifically for isolation. Without LPE they would not have access to anything important even if they were compromised.

It doesn't matter which "user" this goes through. If an attacker can get hold of a user's control to the point where they can execute arbitrary scripts, you have already lost.

So a threat actor buys access to a managed Kubernetes service, or other Linux-based shared hosting platform, and now they have access to the computer.

Hell, GitHub Actions would do.

Is there any service that relies on Linux user separation or containers to separate different user accounts? I'm pretty sure you're not supposed to do that and the proper way is to run different instances in virtual machines.

Basically every shared webhost that uses cPanel works like this. The security mechanism they use is called CageFS (https://cloudlinux.com/getting-started-with-cloudlinux-os/41...), which makes it so users can't see other users, but it's not like a VM or something.

Right, you're not supposed to do that...

Yes, because hypervisors are simply just a program that runs under Linux, not total cpu/memory isolation......

Lemme guess, you probably think this can be used to hack into the backend that runs AWS from any EC2 lol?