Linux distros patch 'Dirty Pipe' make-me-root kernel bug

Re: Linux Bias?

"This is a dangerous vuln that's out in the wild on millions of devices. The fact there's a new kernel doesn't mean Android devices will get updated to it."

That will be the kernel update that arrived last night on my laptop.

As to Android - I'd like to know a bit more about how to exploit it. I might be able to wrest control of my phone from Google.

Re: Linux Bias?

"The fact there's a new kernel doesn't mean Android devices will get updated to it."

Are many versions of Android affected? The article states that the bug appeared in linux kernel 5.8. Android is usually based on LTS kernels. Cross-checking with the list of kernels on

https://source.android.com/devices/architecture/kernel/android-common

suggests that anything before Android 12 is unaffected, since Android 11 and earlier are based on kernel 5.4 or earlier. There is also an Android 12 kernel which is based on 5.4, so that should be fine too.

Most of the "never get an update" Android devices out in the wild will have older versions of Android on so should be fine. Most Android 12 devices will be eligible for updates, and I would imagine that will happen pretty soon for devices running Android 12-5.10 (the article notes that there is a fix for 5.10 kernels).

Re: Linux Bias?

You have to understand that The Register readership, in large part, throw a Nelsonian eye at any fault, bug, defect, security flaw in Linux while they trumpet the same in Windows.

I have used Linux for about 25 years now. Unfortunately what I have written above is true in my experience. A lot of penguins are utterly blind to any sort of fault in Linux, and are happy to blame anyone and anything else but Linux.

There was the article about the *stolen* Nvidia certificate here: https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/. One of the posts had the comment 'Linux's reputation is getting trashed because of Nvidia's proprietary drivers.'. Yeah. That's right. A stolen certificate trashes Linux's reputation. What if you are not using Nvidia cards in your Linux box? And why would you use Nvidia when your penguin master has such an anti-Nvidia attitude?

Re: Linux Bias?

Calm down Francis. {This paraphrase is a reference to the motion picture, "Stripes."}

The reason we all hit on Microsoft is that since the 1980's they've been using a formula developed by the automotive industry {Reference will be found in, "Fight Club."} to determine whether or not they will issue a patch. I was working for a major health provider [CHW] at 'Ground Zero' - "DaVinci," when we all started getting pissed off. The temperature of our pissed-off is the only thing that motivated Microsoft to get up off their lazy, unconcerned, condescending 'sofa' to fix their shortcomings. By comparison, we in the Linux community are hyperactive about fixing problems as we encounter them. Apologists for Microsoft, "Need Not Apply."

RH kernels

Red Hat kernels apparently bear little relation to their headline version number. They backport and tweak an insane amount of stuff, so that kernel is probably no more 4.18 than my hamster's brain firmware is.

'And so, my fellow Americans: ask not what your country can do for you—ask what you can do for your country'

And so, my fellow 'mericans: ask not what your country can do for you - ask what you can grab for yourself.

Alas it seems the USA is seeking a monopoly on knowledge. It seeks control over dissemination of knowledge, over the publication of scientific research, over 'who knows what', and 'who is allowed to know what'.

I'm fairly certain you can substitute the name of any other country in the so-called "developed world" for the US in that paragraph. Security agencies as a whole work that way. It's in their remit, whether written in officially or not.