286

New 'Looney Tunables' Linux bug gives root on major distros (www.bleepingcomputer.com)

submitted 9 months ago by JoeKlemmer@lemmy.myserv.one to c/linux@lemmy.ml

45 comments fedilink hide all child comments

From BeepingComputer.

you are viewing a single comment's thread
view the rest of the comments

[-] qaz@lemmy.world 127 points 9 months ago* (last edited 9 months ago)

A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.

It’s always memory management

[-] Eezyville@sh.itjust.works 35 points 9 months ago

Didn't Microsoft do a study on security vulnerabilities and found that the overwhelmingly number of bugs was due to memory management?

[-] kryllic@programming.dev 27 points 9 months ago

I think you're referring to this: https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/

[-] qaz@lemmy.world 14 points 9 months ago* (last edited 9 months ago)

That was the what I was thinking of when I wrote the comment. The CTO of Azure also said that he deems C++ in it’s entirety to be deprecated. I felt it was an exaggeration at first but I’ve started to agree with him recently.

Google also noticed a 33% decrease in Google Home crashes caused by NullPointerExceptions after switching to Kotlin. They have also declared Kotlin to be the preferred language for android.

It seems like the industry is shifting towards “safer” languages.

[-] Snowplow8861@lemmus.org 4 points 9 months ago

I'm not in America but the organisation for NIST recommends it in guidance now and its getting backing by the nsa

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/

https://www.zdnet.com/article/nsa-to-developers-think-about-switching-from-c-and-c-to-a-memory-safe-programming-language/ https://www.malwarebytes.com/blog/news/2022/11/nsa-guidance-on-how-to-avoid-software-memory-safety-issues

I see this becoming required in the future for new projects and solutions when working for new governnent solutions. The drum is certainly beating louder in the media about it.

load more comments (2 replies)

load more comments (18 replies)

this post was submitted on 04 Oct 2023

286 points (99.0% liked)

Linux

45530 readers

1029 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz