On Tue, Jan 19, 2016 at 04:09:10PM +0000, Rainer Weikusat wrote: > Steve Litt <[email protected]> writes: > > Beware: > > > > http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html > > Just another local privilege escalation. May enable users to gain > control of their own Android devices (imminent end of the world > predicted!) and affect setups where untrusted users are able to execute > arbitrary code as themselves.
While rooting locked-down Androids is a good think, one shouldn't play down the severity of local exploits. While in a number of scenarios the game is already lost without the attacker gaining root, they're not use cases. But a kernel vulnerability differs from any other patched security issue only by the need to reboot after "apt-get upgrade". -- A tit a day keeps the vet away. _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
