• Excel@lemming.megumin.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 hours ago

      There has always been new local privilege escalation bugs every month on Linux, and they’re not a big deal.

    • 8uurg@lemmy.world
      link
      fedilink
      arrow-up
      13
      ·
      1 day ago

      Privilege detection can be detected (i.e. by having a certain application run as root), if you have a piece of software try out a bunch of things (fuzzer, or more recently an LLM-in-a-loop) until this detection is triggered - evidence of actual success, even when things like LLMs are prone to ‘hallucinations’ (or lies) - you’ve got evidence of an exploit.

      We have reached a point where this methodology is applied to a bunch of codebases, with some technological advances making it more capable and faster, hence the larger number of exploits being found.

    • psud@aussie.zone
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      1 day ago

      Yes. AI bug searches are proving very fruitful. Linux is going to be so much more secure in future

      What’s going to be exciting is when AI can read binaries as well as it reads code, then we get the same quantity of bugs but for windows and Apple and all the phones

      Fun thing with this bug is that sandboxes and containers can’t save you — any process that can execute local code can run this exploit and get root.