Hacker News new | ask | show | jobs
by thras 6037 days ago
Huh? Sorry, but to quote the advisory:

A short time ago a "local root" exploit was posted to the full-disclosure mailing list;

You don't know what you're talking about. This exploit appears to give local users root privileges, making it a local root exploit exactly as the security advisory states.

The phrase "localhost vulnerability" remains meaningless techno-babble. Localhost refers to a network address and this exploit appears to have nothing to do with that.
2 comments
davidw 6037 days ago
> You don't know what you're talking about.

I would bet pretty good money that he does:-)

link
thras 6037 days ago
I'm willing to take your bet.

He has claimed that "localhost vulnerability" was the term used on the OpenBSD list in the 1990s. Why don't you try to find it there: http://emailthreads.org/list/openbsd-security-announce.en.ht...

link
tptacek 6037 days ago
Ok. I'll officiate. What's the dollar amount? I recommend $100, and that the winner donate the proceeds to their preferred charity.

The bet is over when I demonstrate to you that (a) I didn't invent the term "localhost vulnerability", much as I wish I had, and (b) this vulnerability isn't strictly a "root" vulnerability. I'll withhold any further description in the interests of routing money from your bank account to a deserving charity, and I will match any dollar amount that davidw agrees to.

link
thras 6037 days ago
You mean "root exploit" not "root vulnerability." The second term is again mistaken, although it gets used a lot.

Did you even read the exploit code? He's figured out a way to overwrite LD_PRELOAD environment variable for anything SUID. That means that you get to tell the binary to load libraries other than what it planned on loading. And hence run arbitrary code.

This has nothing to do with "localhost." If you'd like to give examples of people using "localhost vulnerability" in the past, go right ahead and link to them.

link
tptacek 6037 days ago
Are you going to accept the bet, like you said you were? If you are, I have no desire to screw a charity out of your money by helping you with this.
link
ErrantX 6036 days ago
With th best will in the world I suggest you quickly read up who tptacek is :) (hint: a security guy, and pretty damn good one)
link
tptacek 6037 days ago
No, you're meaningless techno-babble.
link