The Washington Post published an article today which describes the ongoing tension between the security community and Linux kernel developers. This has been roundly denounced as FUD, with Rob Graham going so far as to claim that nobody ever attacks the kernel.
Unfortunately he's entirely and demonstrably wrong, it's not FUD and the state of security in the kernel is currently far short of where it should be.
[Here is] an example. Recent versions of Android use SELinux to confine applications. Even if you have full control over an application running on Android, the SELinux rules make it very difficult to do anything especially user-hostile. Hacking Team, the GPL-violating Italian company who sells surveillance software to human rights abusers, found that this impeded their ability to drop their spyware onto targets' devices. So they took advantage of the fact that many Android devices shipped a kernel with a flawed copy_from_user() implementation that allowed them to copy arbitrary userspace data over arbitrary kernel code, thus allowing them to disable SELinux.
(Score: 0, Flamebait) by Anonymous Coward on Wednesday November 11 2015, @09:51PM
Matthew Garrett? Is he still running his SJWed fork of Linux on Github?
(Score: 0, Offtopic) by linkdude64 on Wednesday November 11 2015, @10:11PM
While I share your disapproval of the Social Justice Warrior, it is important to remember that specific, open-minded, and logical articulation of ideas is what separates thinkers from zealots.
"Fuck this SJW," no matter how agreeable the statement may be, would be more widely accepted and respectable were you to include and explain the supporting evidence needed to validate such a strong statement.
(Score: 2, Informative) by Tork on Wednesday November 11 2015, @10:20PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Insightful) by linkdude64 on Wednesday November 11 2015, @11:03PM
Certainly not any moreso than the majority of comments "SJWs" make about most of their gripes. Extremism is the problem here, not a particular ideology; rejecting any statement outright based on buzzwords alone is hasty, IMO. Either way, this is offtopic.
(Score: 1, Offtopic) by Tork on Wednesday November 11 2015, @11:41PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: -1, Flamebait) by Anonymous Coward on Wednesday November 11 2015, @11:53PM
Fuck off. Go suck on some transgendered freak's plastic dildo dick.
(Score: 2, Funny) by Anonymous Coward on Wednesday November 11 2015, @10:25PM
Why do you presume I care about validation from the rest of the world? mjg is a stupid SJW who attention-whored out his github fork of the kernel and then after about a dozen commits it went dead and is now more than a month behind mainline. Great success!
(Score: 2, Insightful) by Anonymous Coward on Wednesday November 11 2015, @11:11PM
The guy had not deigned to include *any* evidence for this tale. Expects his words to be taken on faith.
Ergo - see subject.
The Internet is overfull of tall tales, and of spinners of such. Any faith I had, is long ago spent several times over; evidence must be presented. When a vulnerability is spoken about - there should be the CVE at the very leastest least. Or the only purpose of the words is plain unvarnished FUD.
(Score: 1, Flamebait) by Anonymous Coward on Wednesday November 11 2015, @11:20PM
How dare you. When an SJW states something is fact then it is fact. Do not try to use your white, cisgender priviledge to question them.