Hacker News new | past | comments | ask | show | jobs | submit login

They didn’t fix the insecure directory creation when media is mounted?



Yes, that seems to be the much more concerning aspect of this vulnerability.

Without that, this vulnerability seems to only let you create local unprivileged user accounts which isn't such a big deal.


It's not as big a deal, but not without impact. You only need a local privilege escalation to go from a user with no rights to a fully open system. And systems are much harder to secure against code running on them with access to all those juicy kernel facing unprivileged APIs...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: