7 comments

[ 7.6 ms ] story [ 31.5 ms ] thread
I’m no expert, but from the looks of thing it seems like a local privilege escalation vulnerability/exploit, tied to the Linux kernel’s eBPF subsystem.

So depending on your use case it may not be a “stop the line” vulnerability, but I would still like to know if this is patched yet or not in the latest Ubuntu repos.

I have come to have the opinion that protecting against root exploits makes very little sense. If you have the right to run code on a target machine as a local user, you already have almost all the permissions you need to bad things.

With only local access, you can install ransomware, you can steal the user's credentials, you can run a crytocurrency miner, etc, etc. Pretty much the only thing you can't do is install an undetectable rootkit.

There are very few systems that take this risk seriously, and Qubes OS is the only one that provides at least some sort of reliability to their enforcement. Things like Flatpak is better than nothing, but still have some way to go.

I just don't think that one should worry much about someone getting root access on your system if at the same time you install random npm modules on the same machine where you do your internet banking.