
My understanding is that it uses pulseaudio to avoid null pointer dereference protection, but the hole is in the tunneling driver.


Any SUID binary which allows library loading would work for this purpose. Normally that's not a security problem, but a combination of other factors has allowed it to become one.


"Normally that's not a security problem"? PulseAudio allowing arbitrary code loaded into a suid root app via command line parameters is a gaping security hole by itself.

This exploit used a trivial root exploit to set up a deeper kernel-level exploit that can bypass SELinux, hide itself completely, etc.



