Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://dood.net/objects/5b3a0b05-f9f8-40bf-bf4b-3b966f97677b">Ross Grady (rossgrady@dood.net)'s status on Thursday, 01-Feb-2024 03:12:04 JST</a><a href="https://dood.net/users/rossgrady" title="rossgrady@dood.net"><img src="https://gnusocial.jp/avatar/158070-48-20230806190732.webp" width="48" height="48" alt="Ross Grady" style="position: absolute; left: 0; top: 0;">Ross Grady</a></section><article>I just don't even know what else needs to be said about a bunch of people who are presumably pretty good at what they do -- the glibc maintainers -- still managing to introduce a *new* buffer overflow bug (new circa 2022) into one of the most important codebases anywhere, which in turn leads to multiple CVEs.<br><br>Like, if you're still writing C of any kind in the 21st century, you have to ask yourself "am I better at manual memory safety than the glibc team?" And if the answer is no, then you're probably also writing these kinds of bugs.<br><br>RE: <a href="https://infosec.exchange/users/BleepingComputer/statuses/111847408179020212">https://infosec.exchange/users/BleepingComputer/statuses/111847408179020212</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2660545#notice-5272023">In conversation</a><time datetime="2024-02-01T03:12:04+09:00" title="Thursday, 01-Feb-2024 03:12:04 JST">about a year ago</time> <span>from <span><a href="https://dood.net/objects/5b3a0b05-f9f8-40bf-bf4b-3b966f97677b" rel="external" title="Sent from dood.net via ActivityPub">dood.net</a></span></span><a href="https://dood.net/objects/5b3a0b05-f9f8-40bf-bf4b-3b966f97677b">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@BleepingComputer/111847408179020212">BleepingComputer (@BleepingComputer@infosec.exchange)</a></h5><div> from <span>BleepingComputer</span></div></header><div>Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Ross Grady (rossgrady@dood.net)'s status on Thursday, 01-Feb-2024 03:12:04 JST Ross Grady
I just don't even know what else needs to be said about a bunch of people who are presumably pretty good at what they do -- the glibc maintainers -- still managing to introduce a *new* buffer overflow bug (new circa 2022) into one of the most important codebases anywhere, which in turn leads to multiple CVEs.

Like, if you're still writing C of any kind in the 21st century, you have to ask yourself "am I better at manual memory safety than the glibc team?" And if the answer is no, then you're probably also writing these kinds of bugs.

RE: https://infosec.exchange/users/BleepingComputer/statuses/111847408179020212
In conversationabout a year ago from dood.netpermalink
Attachments
1. No result found on File_thumbnail lookup.
  BleepingComputer (@BleepingComputer@infosec.exchange)
  from BleepingComputer
  Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/

Public

Embed Notice

HTML Code

Corresponding Notice