Fragnesia Made Public as Latest Linux Local Privilege Escalation Vulnerability

(phoronix.com)

23 points | by mikece 3 hours ago ago

11 comments

  • bestouff 2 hours ago

    Lots of privilege escalations these days. But are there that many multiuser Linux systems nowadays ? I'm under the impression the whole landscape is either servers or single-user desktops (and ofc Android phones).

    [-]
    • riedel 5 minutes ago

      Many university HPC clusters are run multiuser. At least login nodes.

    • dathinab 38 minutes ago

      > many multiuser Linux systems nowadays

      not relevant IMHO

      we don't live anymore in a time where you can trust that local apps do not misbehave, and in such a context LPE is pretty bad even in a single user system

      just thing about all the supply chain problems of recent times

    • zahlman an hour ago

      I impersonate multiple users on my machine for organizational reasons.

      LPEs also potentially make user-level malware into system-level malware, which is only marginally more impactful for a single person on a desktop, but considerably harder to clean up. (It also broadens the range of what such malware could exfiltrate from me.)

    • INTPenis 2 hours ago

      The idea is that you can exploit a service hosted on Linux to run these.

  • nubinetwork an hour ago

    At what point do we all start rolling our own microkernels? This is kind of getting silly now... 4 now in the past month?

    [-]
    • craftkiller an hour ago

      I hate that the Qubes OS people were right.

  • itintheory 2 hours ago

    Sounds like this one is in the same kernel modules as dirtyfrag, so the existing mitigations (if in place) are sufficient.

    [-]